: Attackers can intercept the connection and inject malicious code, advertisements, or phishing forms directly into the user's browser session.

Many casual internet users don't remember that http requires :// and that domain names need dots. They might also forget that spaces are never allowed.