Manuel Caballero, who maintains the Broken Browser blog, found that scammers could also customize the text of the fake alerts to lure unsuspecting users into calling tech support numbers. The call center operators would then trick the victims into paying large sums in fees. Caballero noted that the malicious campaign is nothing new. However, he acknowledged that scammers are refining their tricks to fool more users. He wrote in a blog post:

Flaw exists in Edge’s SmartScreen security feature

Caballero said the security bug exists in Edge’s SmartScreen security feature, adding that the flaw is unique to Edge. SmartScreen works to detect drive-by downloads and phishing URLs, and displays a security alert inside the browser window when it finds one. The warning messages reside in Edge’s installation protocols ms-appx: and ms-appx-web:. Edge uses these protocols to show warning messages when the browser detects phishing or malware delivery sites.

The security researcher explained that the flaw not only allows hackers to extract the protocols and customize the warning messages, but also lets cyber crooks fake the URL in Edge’s address bar. Scammers could also append a hash and forge a technical support scam page so that the spoofing appears authentic. As a result, unsuspecting users would think a website they visit is legitimate, when in fact it is being spoofed. The vulnerability could serve as an effective tool for tech support scammers to mask their attack with a legitimate URL. There is currently no fix for the flaw, according to Caballero, who claimed Microsoft ignored his reports in the past.
