Their play is to send emails with those domains but in the emails claiming to be you and when people reading the email go to the domain, they see your page (they got redirected).
Wow. Yeah that's genius. It would definitely catch me as I just visit the domain to see if it's legit and don't think about redirects. e.g. gogle.com -> google.com
Nothing new. I used to create fake, for example, myspace login pages, host them somewhere, harvest the credentials then redirect back to myspace.com login
I used to do that too!! I wasn't malicious enough to do anything with them so I would just login to random accounts and poke around and occasionally show my friends by logging into the accounts of people we knew.
