Accidentally misspelling a web address could send you to an entirely different website that hopes to gain access to personal or financial information.

Criminals, often from overseas, are launching websites that are spelled like many popular sites but have a typo in them. What they are doing is called "typo squatting."

According to James Lyne of Sophos Security, "they look for a major brand name, a website address that you would normally visit, and they add a letter, remove a letter. Maybe choose two that are really similar on the keyboard."

For example, they may change the spelling of "Netflix" to "Neteflix" or add an extra "e" to Google making it "Googele."

One typo privacy victim, Allen Stern, told KNTV in San Francisco that he added an extra "o" to Costco.com.

That mistype took Stern to a site that looked like Costco's site. Stern was asked to fill out a survey to get a free bottle of face cream.  All Stern would have to do was pay for the shipping.

"I looked at my credit card statement and there's four $98 dollar charges on my account!" Stern exclaimed.

Stern did not know he was the victim of a scam until he contacted Costco to learn why their site had taken his money.

Victims of typo squatting are often convinced to type in personal information or click on a link that infects the computer. Some are even faced with a warning that they've already been infected and need to update the security software. 

All of it is a scam.

Lyne said, "typo squatting isn't big or clever, but it's effective."

Companies often register the common mis-spellings of their own websites in an effort to protect their customers, but security experts warn that the little padlock on the address bar is no guarantee the website is legit. 

The best advice is to be skeptical and always double check your spelling.