Researchers steal data with fake domains

Security researchers (including one I’ve hung out with, Hi Garrett!) were able to easily steal 20 gigabytes of sensitive data by registering bogus domains. People accidentally mistyped email addresses for legitimate domains and the data wound up at the bogus domains. For example, if malicious attackers wanted to collect data going to your domain (say bobcompany.com) they would register bobcompamy.com, bogcompany.com, bobvompany.com, and other similar misspellings. The hope is that someone sending sensitive data in an email will mistype the address and it will go to the attacker’s address instead. This happens a lot more than most people would think, as is evidenced by the research findings.

The best way to protect your company against this attack is to buy up misspelled domains similar to yours, which a number of companies are already doing. It’s not ideal or foolproof, but it’s better than having your data silently siphoned off.
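To decide which misspellings are worth registering, it helps to enumerate the likely one-keystroke mistakes for your own domain. The sketch below is an added example, not code from the researchers: it lists adjacent-key substitutions on a QWERTY layout (the pattern behind bobcompamy.com, bogcompany.com and bobvompany.com) and, going a step beyond the examples above, dropped and swapped letters. The function names and the simplified keyboard geometry are assumptions made for illustration.

```python
QWERTY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]


def adjacent_keys():
    """Map each letter to the keys physically touching it on a QWERTY layout."""
    adj = {}
    for r, row in enumerate(QWERTY_ROWS):
        for c, ch in enumerate(row):
            near = {row[i] for i in (c - 1, c + 1) if 0 <= i < len(row)}
            if r > 0:  # row above is staggered: touches columns c and c+1
                up = QWERTY_ROWS[r - 1]
                near |= {up[i] for i in (c, c + 1) if i < len(up)}
            if r < 2:  # row below: touches columns c-1 and c
                down = QWERTY_ROWS[r + 1]
                near |= {down[i] for i in (c - 1, c) if 0 <= i < len(down)}
            adj[ch] = near
    return adj


def typo_variants(domain):
    """Return {variant: kind} for one-keystroke mistakes in the first label."""
    label, _, rest = domain.lower().partition(".")
    adj = adjacent_keys()
    found = {}
    for i, ch in enumerate(label):
        for sub in adj.get(ch, ()):
            found.setdefault(label[:i] + sub + label[i + 1:], "adjacent-key")
        if len(label) > 1:
            found.setdefault(label[:i] + label[i + 1:], "omission")
        if i + 1 < len(label) and ch != label[i + 1]:
            swapped = label[:i] + label[i + 1] + ch + label[i + 2:]
            found.setdefault(swapped, "transposition")
    found.pop(label, None)  # never report the legitimate domain itself
    return {f"{name}.{rest}": kind for name, kind in sorted(found.items())}


if __name__ == "__main__":
    variants = typo_variants("bobcompany.com")  # example domain from this post
    for name, kind in variants.items():
        print(f"{kind:14} {name}")
```

Run it against each domain you own and compare the output with what you have already registered.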

http://gizmodo.com/5838708/how-researchers-stole-20-gb-of-e+mail-from-fortune-500-companies

http://www.wired.com/images_blogs/threatlevel/2011/09/Doppelganger.Domains.pdf