Domain names and URLs are one of of the most basic forms of web security we have, letting us quickly know where we are online. Sometimes, though, they can be used to mislead. Hackers and scammers often create fake websites that look plausible by using URLs with typos (twittter.com) unfamiliar subdomains (yourbank.sign-in.info) or hyphenated domains (secure-gmail.com). Unsuspecting users then visit these URLs thinking they belong to legitimate companies before being tricked into giving away their credentials.
https://www.theverge.com/2020/8/13/...omain-name-only-url-experiment-scams-hacks-86
https://www.theverge.com/2020/8/13/...omain-name-only-url-experiment-scams-hacks-86