Here is an example:
Cybercriminals can clone or create a fake copy of "www.hotmail.com", call the cloned version of the website "www.hotmail.win". Many online users who are tricked into visiting the fake website, would not notice the “.win” at the end of the name, or may even think Hotmail is using a new website domain name. Therefore, they would think they are on the legitimate Hotmail website. But, any attempts to sign into the fake website by visitors, will result in their Hotmail usernames and passwords being sent to the cybercriminals responsible for the website, who will use the stolen credentials to hijack the visitors' email accounts, which will be used fraudulently.
Online users who think they were tricked into visiting phishing websites that steal online usernames and password, should change their passwords immediately before their accounts are hijacked and used fraudulently.
We are not saying all websites with names ending with “.win” are dangerous. We just want online users to be aware of those fraudulent “.win” Top Level Domain name(TLD) websites, which are being created by hackers, scammers and other cybercriminals.
.win is a generic top-level domain managed by Famous Four Media of Gibraltar, who pitch it as a memorable gTLD for "online gaming resources and services".