
Phishing. Regular visits to these domains will 301 redirect them to you, but there's at least one URL that will instead be handled by the scammers themselves.

They'll then send out an email campaign with a From: address in the counterfeit domain (which will have valid SPF/DKIM/whatever), a subject like "Example.com: You've been invited to join a project!", quickly-come-see-this-secret-stuff body copy, and a call-to-action button linked to that URL.

The page hosted on the URL will have your branding and everything, and collect a bunch of personal information and/or access credentials for the scammers.

Taking down this stuff is tedious, but you can try -- the least you can do for now is display a prominent 'this is not an authorized example.com domain' warning for inbound visits from these redirects, create a public Knowledge Base-like article warning about this abuse as well (making very clear this has nothing to do with you), and block the domains involved on your inbound mail server.

Silver lining: apparently your SaaS is successful enough to be used as a lure for scammers. Congrats?



You cannot detect the redirect, so you cannot display any such warning.


Can't you check the Referer?
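As an added example (not code from any commenter in this thread), here is a small WSGI middleware implementing the Referer check suggested above: if the Referer header names one of a list of known counterfeit domains, the visitor gets a prominent "not an authorized example.com domain" page instead of the requested resource. The domain names in COUNTERFEIT_DOMAINS are constructed for illustration, and the warning copy is an assumption.

```python
"""Added example, not from the original thread: serve a warning page to
visitors whose Referer names a known counterfeit domain.

The counterfeit domain list and warning text are constructed for illustration.
"""
from urllib.parse import urlsplit
from wsgiref.simple_server import make_server

# Constructed list of lookalike domains believed to be controlled by the scammers.
COUNTERFEIT_DOMAINS = {
    "example-com.net",
    "examp1e.com",
    "login-example.com",
}

# Assumed warning copy; adapt to your own branding and support channels.
WARNING_HTML = (
    "<!doctype html><html><body>"
    "<h1>Warning: you arrived here from a domain that is not operated by example.com</h1>"
    "<p>The site that sent you here is not affiliated with us. Do not enter credentials "
    "or personal information on that site.</p>"
    "</body></html>"
)


def referer_host(environ):
    """Return the lowercase hostname from the Referer header, or None if absent/unparseable."""
    ref = environ.get("HTTP_REFERER")
    if not ref:
        return None
    try:
        host = urlsplit(ref).hostname  # .hostname is already lowercased
    except ValueError:  # e.g. malformed IPv6 literal in the URL
        return None
    return host.rstrip(".") if host else None


def is_counterfeit(host, counterfeit=COUNTERFEIT_DOMAINS):
    """True if host is a listed counterfeit domain or a subdomain of one."""
    if host is None:
        return False
    host = host.lower().rstrip(".")
    return host in counterfeit or any(host.endswith("." + d) for d in counterfeit)


class RedirectWarningMiddleware:
    """Intercept requests whose Referer is a counterfeit domain and serve WARNING_HTML."""

    def __init__(self, app, counterfeit=COUNTERFEIT_DOMAINS):
        self.app = app
        self.counterfeit = counterfeit

    def __call__(self, environ, start_response):
        if is_counterfeit(referer_host(environ), self.counterfeit):
            body = WARNING_HTML.encode("utf-8")
            start_response("200 OK", [
                ("Content-Type", "text/html; charset=utf-8"),
                ("Content-Length", str(len(body))),
                ("Cache-Control", "no-store"),  # never cache the warning in place of real content
            ])
            return [body]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the real SaaS application."""
    body = b"Welcome to the real example.com app."
    start_response("200 OK", [("Content-Type", "text/plain"), ("Content-Length", str(len(body)))])
    return [body]


def run_request(app, environ):
    """Call a WSGI app directly and return (status, body) for tests and demos."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = headers

    body = b"".join(app(environ, start_response))
    return captured["status"], body


app = RedirectWarningMiddleware(demo_app)

if __name__ == "__main__":
    with make_server("127.0.0.1", 8080, app) as httpd:
        print("Serving on http://127.0.0.1:8080 (Ctrl-C to stop)")
        httpd.serve_forever()
```

One caveat worth knowing before relying on this: the Referer a browser sends after following a 301 is the referrer of the original navigation (often nothing at all when the click came from a mail client), not the hostname of the redirecting site, so this check only fires when the Referer actually names a counterfeit domain, for example when the scammers' own landing page links to you. A sibling check on a visible marker such as a query string the redirect appends would be another option, but the thread does not say whether the redirects carry one.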




