While Microsoft has claimed that Edge is the most secure browser around, it has been discovered that scammers can exploit a flaw in Edge to display fake SmartScreen error messages. In a new report, Argentinian security researcher Manuel Caballero found that scammers can force SmartScreen into displaying a fake warning message in Microsoft Edge. Scammers can then use the message to extract personal information from you.
SmartScreen is used by Edge to protect users from dangerous websites by displaying a familiar red alert in the Edge browser (legitimate website warning below).
Caballero reveals that if scammers are successful at exploiting this bug, they can display a native warning message and place a link within the message to ply more personal information from the user by either clicking a link to call the scammer, or go to a fake Microsoft help website.
“As a bonus, when we place a telephone-like number, a link is automatically created so the user can call us with a single click. Very convenient for these scammers.”
No word yet from Microsoft if they are working on fixing this bug in Microsoft Edge, but it is assumed that they would want to fix this security vulnerability ASAP.Further reading: Microsoft, Microsoft Edge, SmartScreen, Vulnerability