Online payment is easy and convenient. But it's not all that peachy; cybercriminals lurk around the web to compromise users. One method they employ is phishing attacks, and increasingly they've taken to using wildcard certificates to carry out their nefarious acts.
Wildcard certificates are public key certificates that secure a website's URL and an unlimited number of its subdomains. For instance, a single wildcard certificate can secure both www.securityexample.com and blog.securityexample.com. Software company Venafi released a short, useful Chalk Talk clip that explains how cybercrooks abuse the trust we put in wildcard certificates.