In terms of domain names, they look the same, the only difference is (.) and (-) then add domain .com - if the person doesn't realize it and immediately connects to metamask then it will be their loss because they are too careful not to check more carefully.
There are so many phishing sites on Twitter, when there is a trend for a well-known platform name, fraudsters move faster to create fake site scripts, and what's strange is that they get a premium Twitter account, it's possible that the account has been hacked and changed its name.