It’s awful, really. Some domain names are so awfully chosen, they sound like scams. Take the government program for financial support to students, called BAföG. Here’s a bunch of domains related to that:
Or, the worst one in my opinion: the German federal ID card has an integrated RFID chip that requires a PIN to unlock. You can use that chip to authenticate against a few government services online, which rely on the PIN as proof of identity. The PIN can be reset using a OTP sent via snail mail.
Q: where you you think can you order that letter?
a) Bundesdruckerei.de
b) personalausweisportal.de
c) pin-ruecksetzbrief-bestellen.de
d) bmi.bund.de?
Healthcare billing in the USA has gone this way. You're going to see emails from my-doctor-billing.com directing you to hospital-pay-site.biz and they're all totally legitimate.
Q: where you you think can you order that letter?
A: yes. It’s c. Seriously.