Disclaimer: I'm an employee of Emaze Networks S.p.A.
One way to defend against this kind of attacks is to not allow attackers to register similar domain names.
To achieve this you can register many bitsquatted/typosquatted domains together with your main domain name, but this is impossible to do with all bitquatting/typosquatting cases, since they can be billions (consider also unicode etc!).
An alternative is to periodically monitor the domains registered, and if you find a suspicious domain you can check what it does and, if it seems to be a malicious site, you can report it to the registrar and ask them to pass the ownership of said domain to you.
We have a small service, called Precog that does this, by aggregating registrar information from different sources and running various kind of queries to detect bitsquatting/typosquatting/punycode-squatting domains: you can register your brand, put some keywords and we will contact you if a suspicious domain is registered.
Our tool takes into consideration 2nd level domains, obviously, but is also able to detect registration of many 3rd (or more) level domains, so we may be able to detect someone is going to use app1e.account.com
to try and steal your apple credentials.
I must add: I believe the biggest use case for attacks of this kind is not to "get lucky" to receive a request because somebody mistyped the domain, but to use the domain as a phishing domain. So people will register the site àpple.com
and send tons of emails that look like Apple's emails and try to get some people to insert their credentials/credit card information on their page.