(istockphoto.com)
Columnist

I’ve done it.

I’ve typed in an Internet address and with the slip of a finger ended up on some funky website. One typo.

Or I meant to type a URL ending in “.com” but ended up with “.cm.” For example, you might type in goggle.cm instead of google.com. Such slips can put you in harm’s way.

Scammers love typos. And to capitalize on them, they hijack popular web addresses and cybersquat on URLs that are a typo away from legitimate websites. It’s a scheme called “typosquatting,” and it is intended to trick Internet users, according to Fraud.org, a project of the National Consumers League.

“If a user is unlucky enough to mistakenly type in the wrong address, they may be taken to a booby-trapped website filled with viruses and malware, or to a website that looks just like the legitimate website but is designed to gather their personal data for scammers,” Fraud.org said in a consumer alert issued this week. “Alternatively, these fake website addresses can be set up to sell knock-off imitation products to consumers who believe they are shopping at the real retailer.”

Close to 12 million online users visited potentially dangerous websites during the first quarter of this year, according to analysis from KrebsOnSecurity.com, a blog on cybersecurity started by former Washington Post reporter Brian Krebs.

Read more: Omitting the “o” in .com Could Be Costly

Krebs warned readers that “malicious websites ending in ‘.cm’ that mimic some of the world’s most popular Internet destinations (e.g. espn[dot]cm, aol[dot]cm and itunes[dot].cm) in a bid to bombard visitors with fake security alerts that can lock up one’s computer.”

Read this blog post: Sticky: Wrong Spelling — Brand Name Hijack

Fraud.org offers tips to avoid landing on the wrong Internet site. Read the consumer alert: Typosquatters waiting to pounce on your errant keystrokes.

Here are two of the tips.
Double check what you’re typing. Sounds simple, but even the best typists make typos.

Read more: Hackers use typosquatting to dupe the unwary with fake news, sites.

“Always eager to capitalize on human inattention, cyber criminals have embraced this method of registering a commonly misspelled Web address to use as a base for the distribution of malware or to steal information from unsuspecting users,” wrote Elizabeth Weise for USA Today.

Bookmark websites you visit often.
Read more: Dot-cm Typosquatting Sites Visited 12M Times So Far in 2018.

“If you’re in the habit of directly navigating to websites (i.e. typing the name of the site into a Web browser address bar), consider weaning yourself of this risky practice,” Krebs warns. “As these ubiquitous typosquatting sites show, it’s a good idea to avoid directly navigating to websites you frequent. Instead, bookmark the sites you visit most, particularly those that store your personal and financial information, or that require a login for access.”

Color of Money question of the week
Have you found a typo landed you on a strange website? Have you been a victim of a “typosquatting” scam? Send your comments to colorofmoney@washpost.com. In the subject line, put “Typosquatting.”

Live chat today
Please join me today at noon (ET) for a live discussion about your money. I’m happy to help you find an answer to a financial dilemma.

Here’s the link to join the conversation.

You won’t believe what the head of the agency charged with protecting consumers said to bankers
Mick Mulvaney, director of the Consumer Financial Protection Bureau, told bankers recently some things that caused quite a stir.

“We had a hierarchy in my office in Congress,” he said. “If you’re a lobbyist who never gave us money, I didn’t talk to you. If you’re a lobbyist who gave us money, I might talk to you.”

Then Mulvaney indicated he might do away with a popular consumer complaint system.
“I don’t see anything in here that says I have to run a Yelp for financial services sponsored by the federal government,” he said.

Read more: We need more, not fewer, government Yelps.

So in last week’s newsletter, I asked: What do you make of Mulvaney’s remarks?

Jerry Warshaw of South Orange, N.J., wrote, “Mick Mulvaney shows the true nature of the Trump administration, being the ‘Best politicians that money can buy’!”

“Mulvaney was honest about meeting with the money people,” wrote James Pritchett from Austin. “Sad but true. What is so typical is the phony outrage by the media and Mulvaney’s opponents. Who doesn’t believe this has been SOP [standard operating procedure] in Congress for decades?”

Thomas Druitt of Paducah, Ky., wrote, “Anyone who believes that their congressional representative behaves significantly differently from Mr. Mulvaney is being self-delusional. Given the ironclad marriage between money and politics I am highly doubtful that any congressional district’s citizens can be certain that the individual they send to Washington, D.C. is truly putting the concerns of the folks back home at the top of their priority list.”

“Members of Congress should place priority on hearing from their constituents — the people who sent them to Washington as their representatives,” wrote George B. Pickett of Jackson, Miss. “It is unfortunate that money gets into the discussion regarding lobbyists. Bear in mind that most Washington lobbyists are not there representing the members’ constituents but are representing their own employer or a group who is paying the lobbyist to be an advocate for the point of view of the party paying the lobbyist. It is important to [also] note that members of Congress are not born with expertise or insight into all of the complicated issues that come before them in the form of proposed legislation or regulations subject to their oversight. Both constituents and lobbyists perform the very essential role of informing members of practical effects which various proposals will produce.”

Earl Roethke of Minneapolis wrote, “I’m not at all surprised to hear that access to those in power is for sale. What’s sickening in this case is that a person with such low regard for principle is placed in a position of protecting consumers. Talk about putting the fox in charge of the hen house!”

Bryan Hudson of St. Louis, Mo., wrote, “At first glance you might think, at least he is being honest, then when that second is over you realize he is saying that because in the Trump era and under a government that seems bent on doing more harm than good for everyone but the very rich, there’s just no fear to try to hide the vile disgusting corruption and greed any more.”

Color of Money columns this week
Knowledge isn’t power. The right knowledge is power.

Stay informed about your money.

In addition to this newsletter, please read and share my weekly personal finance columns.

No, you cannot get rid of your tax debt for pennies on the dollar

Is $1 million enough to retire? Why this benchmark is both real and unrealistic.

Newsletter comments policy
Please note it is my personal policy to identify readers who respond to questions I ask in my newsletters. I find it encourages thoughtful and civil conversation. I want my newsletters to be a safe place to express your opinion. On sensitive matters or upon request, I’m happy to include just your first name and/or last initial. But I prefer not to post anonymous comments. (I do make exceptions when I’m asking questions that might reveal sensitive information or cause conflict.)

Have a question about your finances? Michelle Singletary has a weekly live chat every Thursday at noon where she discusses financial dilemmas with readers. You can also write to Michelle directly by sending an email to michelle.singletary@washpost.com. Personal responses may not be possible, and comments or questions may be used in a future column, with the writer’s name, unless otherwise requested. To read more Color of Money columns, go here.

Follow Michelle Singletary on Twitter @SingletaryM and Facebook.