Flaws in Microsoft's Edge's SmartScreen feature is allowing tech support scammers to push out warnings that falsely state a website is dangerous.
An independent security researcher Manuel Caballero blogged about a vulnerability he spotted in ms-appx: and ms-appx-web commands that could allow someone to create a fake alert that would lead a victim not to Microsoft's tech support department, but to a malicious site or person.
“When we place a telephone-like number, a link is automatically created so the user can call us with a single click. Very convenient for these scammers,” Caballero wrote.
SC Media queried Microsoft on this problem, but has not heard back from the company.