Typosquatting's traditional attack vector is through the web to distribute malware or harvest credentials. Other vectors such as email and remote access services such as SSH, RDP, and VPN also can be leveraged. In a whitepaper by Godai Group on doppelganger domains, they demonstrated that numerous emails can be harvested without anyone noticing.
If someone's email address is "firstname.lastname@example.org", the doppelganger domain would be "financesomecompany.example". Hence, if someone is trying to send an email to that user and they forget the dot after "finance" (email@example.com), it would go to the doppelganger domain instead of the legitimate user.