Another strong indication of phishing scams is a misspelled or incorrect domain name. Anyone can buy a domain name, and although every domain name must be unique, there are plenty of ways to create addresses that are similar to the domain being spoofed.
For example, a hacker bought the domain ‘gimletrnedia.com’ (that’s r-n-e-d-i-a, rather than m-e-d-i-a). The scam was so successful, it even tricked Gimlet Media’s CEO.
https://www.cybertalk.org/2018/12/07/gimlet-media-showcases-the-art-of-the-phishing-attack/