The 'average user' is not going to take the time to learn regex, I'm sorry to say. Personally, I'm very dangerous with them...
That said, I agree with you that this is an issue. Most of us probably get by this by simply using wildcards sensibly, as miguelfire described...
Maybe one way of handling this is to have PWM pop up a warning to the user if they try to save a URL wildcard pattern that is vulnerable to a phishing attack, with a link to a detailed explanation right there on the warning pop-up?
Yeah, but just in case anyone wants to know:
[^/]* indicates a string of characters of any length that can contain anything but a "/"
\. indicates a "." - because "." alone has special meaning in regexp, you have to write \. instead.
.* indicates a string of characters of any length (any characters whatsoever)
s? indicates that there could be a single "s" in this place, or there could be none.
FYI http:// is unsecure, https:// is secure (encrypted web page).
So:
https://[^/]*\.yahoo\.com/.* -- domain name w/ ".yahoo.com/", secure https only.
https?://[^/]*\.yahoo\.com/.* --- domain name w/ ".yahoo.com/", secure https or unsecure http.
https://[^/]*\.ebay\.com/.* -- domain name w/ ".ebay.com/", secure https only.
https?://[^/]*\.ebay\.com/.* --- domain name w/ ".ebay.com/", secure https or unsecure http.
https://[^/]*\.wikipedia\.org/.* -- domain name w/ ".wikipedia.org/", secure https only.
https?://[^/]*\.wikipedia\.org/.* --- domain name w/ ".wikipedia.org/", secure https or unsecure http.
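
Added example, not part of the original posts and not PWM's own code: a small check that runs the yahoo.com patterns above, plus a looser variant with ".*" in the host position, against constructed URLs and compares each result with the hostname parsed from the URL. It assumes a pattern has to match the whole URL (the thread does not say how PWM applies it); the helper names are hypothetical and example.net is a stand-in domain.

```javascript
// Assumption: the pattern must match the entire URL, so it is wrapped in ^(?:...)$.
const fullMatch = (pattern, url) => new RegExp(`^(?:${pattern})$`).test(url);

// STRICT and EITHER are the patterns from the post; LOOSE swaps "[^/]*" for ".*".
const STRICT = String.raw`https://[^/]*\.yahoo\.com/.*`;
const EITHER = String.raw`https?://[^/]*\.yahoo\.com/.*`;
const LOOSE = String.raw`https://.*\.yahoo\.com/.*`;

// Constructed sample URLs; example.net stands in for a site the user never saved.
const SAMPLES = [
  "https://login.yahoo.com/account",
  "http://login.yahoo.com/account",
  "https://yahoo.com/",
  "https://login.yahoo.com.example.net/account",
  "https://example.net/login.yahoo.com/account",
];

// Independent check: parse the URL and compare its real hostname to the domain.
function hostIsUnder(url, domain) {
  const host = new URL(url).hostname;
  return host === domain || host.endsWith("." + domain);
}

// URLs a pattern accepts although their hostname lies outside the domain.
function wronglyAccepted(pattern, domain, urls = SAMPLES) {
  return urls.filter((u) => fullMatch(pattern, u) && !hostIsUnder(u, domain));
}

// https URLs under the domain that a pattern fails to accept.
function missed(pattern, domain, urls = SAMPLES) {
  return urls.filter(
    (u) => u.startsWith("https://") && hostIsUnder(u, domain) && !fullMatch(pattern, u)
  );
}

for (const [name, p] of Object.entries({ STRICT, EITHER, LOOSE })) {
  console.log(name, "wrongly accepts:", wronglyAccepted(p, "yahoo.com"));
  console.log(name, "misses:", missed(p, "yahoo.com"));
}
```

The "[^/]*" form keeps the match inside the host part of the URL, while the ".*" variant also accepts the domain text appearing in a path on another host. Both patterns from the post require at least one subdomain label, so the bare domain needs its own entry.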