Domain typo-squatting is best known and most commonly used to perform phishing scams or spread malware to people whom accidentally misspell legitimate domain names in their Web browser. As widespread and effective as this attack vector is, it is certainly nowhere near the most dangerous use. Recently during a six-month span, we set up and monitored several “doppelganger domains” simulating a variety of Fortune 500 companies and we were alarmed with what we found. Over this period we collected over 120,000 individual emails (~20GB of data) which included included trade secrets, business invoices, employee PII, network diagrams, usernames and passwords, etc. In this presentation, we will cover a variety of domain typo-squatting attack techniques, show real world examples of what type of data can be leaked, and discuss methods of protection.