Edge Browser Finally Combats Tech Support Scams

John Lister

Microsoft's Edge browser now has a "scareware blocker" available for optional use. It attempts to recognize bogus claims that a computer has been compromised by malware.

Scareware can come from a deliberate scam website, a compromised site, or a pop-up window running on a legitimate site that hijacks or takes advantage of advertising space. Whatever the source, the effect is normally the same: highly visible warnings of a supposed malware infestation, often in a full-screen window that's difficult to escape. Some versions even include an audio warning.

The idea is to panic the user into installing supposed security software that is itself malware. That can then lead to a ransomware infection that encrypts all your data and demands a fee (usually thousands of dollars) in Bitcoin to get it back.

Indian Technical Support Scam is Most Likely the Target

However, the most painful version of this "scareware scam" also involves getting users to call a fake Microsoft "support agent" via a 1-800 number (which is actually located in India), where users are tricked into allowing scammers remote access to their machines.

Users are then sold thousands of dollars' worth of fake tech support and, in some cases, have their bank accounts drained.

In the latter case, the scam is often referred to as an Indian tech support scam, rather than a "scareware scam." Technically speaking, a fake virus alert popup in the browser is used to "scare" the user into calling the 1-800 number, and it then becomes a full-blown tech support scam.

Scam Gallery

Edge's new tool works by taking screenshots and quickly comparing them with a database of "thousands" of images of similar scams reported by users. It uses machine learning to spot patterns of how such scam displays will look.

If it spots an apparent match, Edge will stop any audio message, exit any full-screen page, and display a legitimate warning message that includes a thumbnail image of the suspicious page. The user can then choose whether to close the suspicious site altogether or proceed, with a further option to report a match or false positive. (Source: bleepingcomputer.com)

As the tool involves taking regular screenshots, there are obvious privacy implications. Microsoft has addressed these by having the entire tool run locally on the user's machine (having downloaded the database of scam site images). No images or data are sent over the Internet unless the user chooses to send a report, and they will be able to see the image that will be sent in case it contains any personal data.

Esc to Escape

Even with this constraint, it's probably smart that Microsoft has made the tool optional. Users must actively enable it by turning on the "Scareware blocker" toggle in the "Privacy, Search, and Services" section of the Edge settings menu.

Microsoft also reminded Edge users that they can always get out of an unwanted full-screen web page by holding down the "Esc" key. This doesn't need the Scareware blocker tool. (Source: windows.com)

What's Your Opinion?

Have you seen scareware scams in action? Would you use this feature? Did you know about holding down the Esc key to get out of a full-screen page?


Comments

Dennis Faas

Since most tech support scams require users to download a remote access program, Microsoft should also keep track of whether a fake virus alert ("scareware") popup loaded on the user's screen, and then display a very large and prominent warning if the user then visits a website that allows them to download remote access to their machine. The chances of the two happening in sequence would identify 99% of all tech support scams.

dbrumley3077

How well do the other browsers handle scareware?

Dennis Faas

To answer your question: none, as far as I know, because it's difficult to determine if a popup is malicious or not. Microsoft's approach with this mixes in machine learning (AI), so that is the difference.

If you use uBlock Origin, Popup Blocker, Popup Blocker Strict, and AdLock, you won't see any popups or ads, which will block most scam advertisements outright.