Architecture, Network security

Microsoft Edge flaw allows fake website warnings

December 12, 2016

Flaws in Microsoft's Edge's SmartScreen feature is allowing tech support scammers to push out warnings that falsely state a website is dangerous.

An independent security researcher Manuel Caballero blogged about a vulnerability he spotted in ms-appx: and ms-appx-web commands that could allow someone to create a fake alert that would lead a victim not to Microsoft's tech support department, but to a malicious site or person.

“When we place a telephone-like number, a link is automatically created so the user can call us with a single click. Very convenient for these scammers,” Caballero wrote.

SC Media queried Microsoft on this problem, but has not heard back from the company.

prestitial ad