The false warning could include info to contact the cybercriminal.
The false warning could include info to contact the cybercriminal.

Flaws in Microsoft's Edge's SmartScreen feature is allowing tech support scammers to push out warnings that falsely state a website is dangerous.

An independent security researcher Manuel Caballero blogged about a vulnerability he spotted in ms-appx: and ms-appx-web commands that could allow someone to create a fake alert that would lead a victim not to Microsoft's tech support department, but to a malicious site or person.

“When we place a telephone-like number, a link is automatically created so the user can call us with a single click. Very convenient for these scammers,” Caballero wrote.

SC Media queried Microsoft on this problem, but has not heard back from the company.