It isn't unusual for bad guys to buy fake domain names that resemble real ones. Often they use simple character substitution.
For example, in h0medep0t.com, you'll notice there is a zero (0) where there should be a letter O. Although this example looks pretty obvious, often we don't take time to scrutinize what's in the address bar of the web browser.
Or, we jump to the link without looking closer, such as in an email or a text message where the real URL doesn't match up with the link displayed. In most email programs, like Microsoft Outlook, you can hover over the displayed link with your mouse cursor to see the actual web location that the link redirects you to—the URL—but this feature isn't available in all operating systems or in all email clients. You won't necessarily have this ability on your smart phone or web email client, for example.
This is why I don't click links sent to me—even from people I know—without scrutinizing them first. Here is a PCWorld article with more information about validating links: http://www.pcworld.com/article/248963/how_to_tell_if_a_link_is_safe_without_clicking_on_it.html.
Here is more about the Google scam. Scammers use a domain name that looks like Google.com but isn't: ɢoogle.com. Look at the "G." It isn't a standard letter that you'd type on a keyboard. It is actually a symbol, which uses a different character set. International (or extended) characters like this one are rendered on your computer screen by typing a specific combination of keys and numbers on a standard keyboard.
For more info, do a web search on the phrase "character set."
Here is the full article about the bad ɢoogle.com: