A browser vulnerability researcher has discovered that, with some tweaking, Microsoft Edge can be forced to display fake scam alerts that contain a phone number for real tech support scammers.
A researcher at brokenbrowser.com wrote an interesting blog post that details how Microsoft Edge can be manipulated to display alerts with a spoofed URL from a safe site. In the post, he demonstrates how he can open a screen that looks like the official SmartScreen function in Edge and displays a legitimate URL like facebook.com. Taking it even further, he’s able to include a phone number on this alert page, which would make users think they need to call in for tech support. Tech support scams are still a common occurrence and become even more popular around the holidays as malware infections ramp up.
This wasn’t seen in the wild, but as tech support scammers continue to develop their methods, vulnerabilities like this could be used. In creating this page, he also realized that the phone number displayed is an active link, which would allow users to call scammers in one click. You should always be skeptical of pop-ups that offer tech support; in almost all cases you may have clicked on a malicious link or are being redirected to one. You can always just close these windows and continue on your way, as the problems they claim you have are fake. Our number one piece of advice is to never call numbers that come to you via a pop-up window. If you’re looking for support for any product, navigate to the vendor’s website yourself and find their customer support team, who will be happy to help you.