Microsoft is upgrading its Edge web browser with a new scareware sensor to accelerate the detection and blocking of tech support scams, also known as scareware. These scams utilize aggressive landing pages to panic victims into believing their device is infected with malware, often pressuring them to call a fake “support” number to gain remote access. While Microsoft’s existing Defender SmartScreen eventually blocks abusive sites after indexing, Edge already features a built-in scareware blocker—introduced at Ignite in November 2024 and enabled by default on most PCs since February—that provides real-time protection using a local machine learning model.
The existing, AI/ML-based scareware blocker is designed to detect the telltale signs of a tech support scam page immediately. Upon detection, it displays a warning, stops any loud audio, exits full-screen mode, and shows a page thumbnail, though it still allows a user to proceed if they are certain the site is safe. Users also play a crucial role in protecting others by sharing diagnostic information and screenshots, which helps the SmartScreen service swiftly identify and respond to widespread scareware outbreaks.
The new scareware sensor, which is currently rolling out in Microsoft Edge 142 (initially disabled by default), is designed to dramatically speed up this process. According to Principal PM Manager Rob Franco, who works on the Edge Enterprise and Security team, the new sensor will immediately notify SmartScreen when the Scareware blocker detects a suspicious full-screen page. Critically, this notification happens without sharing screenshots or any extra data beyond what SmartScreen already receives, beginning in November.
Franco emphasizes that this real-time report gives SmartScreen an immediate heads-up to confirm scams faster and ensure they are blocked for all Edge users worldwide. Microsoft is planning to enable this sensor for everyone who has SmartScreen turned on and intends to add more anonymous detection signals later to help Edge recognize recurring scam patterns with greater accuracy.
The need for these enhanced defenses is clear, as users have reported increasingly sophisticated scareware, moving beyond simple “Virus Alert!” popups to include scams using fake control panels, blue screens, or even fraudulent warnings posing as law enforcement demanding payment to unlock a PC. Franco noted that when a scam of this type was recently caught by the Scareware blocker, it had not yet been indexed and blocked by services like Defender SmartScreen or Google Safe Browsing, highlighting the need for this faster, real-time reporting capability.
Reference:
