It works like this: Somebody trying to log into a PayPal account accidentally types “PatPal” instead. Up pops a page that looks exactly like PayPal, with a place to put in a username and password. Are users smart enough to double-check the URL at the top of the browser before they do so?
Mostly not, it turns out. Some researchers at Godai Group set up typosquatting sites to see what would happen. “During a six‐month span, over 120,000 individual emails (or 20GB of data) were collected, which included trade secrets, business invoices, employee PII, network diagrams, usernames and passwords, etc.,” according to their final report.
All we can say is: Yikes! And suggest you use pre-existing (and carefully typed) bookmarks, as well as cut-and-paste, to avoid typing in URLs whenever you can.
Read more at PCWorld.