Instant Block: Microsoft Edge Gains New Sensor for Faster Scareware Scam Protection
Microsoft is introducing an additional layer of protection in its Edge browser to defend users against scareware scams—malicious webpages that mimic system virus alerts and urge victims to call a so-called “support hotline.” The new detection sensor will enable faster identification of such sites and allow Defender SmartScreen to block them more swiftly and effectively.
These schemes, commonly known as tech support scams, rely on aggressive, deceptive pages that claim a computer has been hacked or infected. Their goal is to coerce users into calling a fake “technical support” number, where scammers attempt to obtain remote access to the system or extract payment for fraudulent “repairs.”
Defender SmartScreen already protects Edge users from such threats by maintaining an internal database of malicious domains. However, populating this database takes time—during which new scam pages may still ensnare victims. The new sensor, powered by a local machine learning model, detects signs of fraudulent activity in real time, before the sites are formally indexed.
Unveiled at Microsoft Ignite 2024, the scareware blocker has been enabled by default on most PCs since February 2025. When triggered, the algorithm displays a warning, exits fullscreen mode, mutes audio, and presents a thumbnail preview of the page—giving the user the option to decide whether to proceed or close it.
Users can also report suspicious websites directly to Microsoft, submitting diagnostic data and screenshots to help SmartScreen identify emerging scam campaigns more rapidly.
Thanks to the new sensor, SmartScreen now receives alerts about phishing and scareware pages almost instantaneously. According to Rob Franco, head of Microsoft Edge Enterprise and Security, the upcoming Edge 142 release will notify SmartScreen of potential scam sites without transmitting screenshots or unnecessary data, relying solely on telemetry signals already used within the system.
“This mechanism gives SmartScreen an immediate signal to verify and block scams for users worldwide. In the future, we plan to introduce more anonymous indicators, enabling Edge to recognize recurring attack patterns,” Franco explained.
The feature has already begun rolling out with Edge version 142. While it remains disabled by default, it will soon be automatically activated for all users who have SmartScreen protection enabled.
Microsoft notes that fraudulent webpages now extend far beyond the classic ‘Virus Alert!’ pop-ups. Reports include fake control panels, counterfeit blue screens of death, and even imposter law enforcement warnings demanding payment to “unlock” compromised computers—demonstrating how scareware continues to evolve in both sophistication and deception.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
