From time to time, hackers and malware developers found alternate methods to grab unsuspecting user’s attention and get them to follow their instructions. Once the user follows their instruction, hackers can use it to steal information and profit from them financially.
Microsoft Edge is the default internet browser for Windows 10. Edge is known for being fast, reliable and much secure compared to Internet Explorer.
Recently, a security researcher found and demonstrated how hackers can use Edge to manipulate fake alerts which is similar to the genuine red warning.
The red color warning from Edge is usually displayed by one of SmartScreen filter which is one of the security features of the browser. The red colour warning tells the user that the currently visited website is deemed unsafe. In genuine cases, a website is considered unsafe if there is malicious content such as a malicious script, presence of suspicious downloads in the site and previously reported records of the website being suspicious.
Manuel Caballero from Buenos Aires, the security researcher showed how hackers can change the wordings of display warning and add a phone number to the message. Once the call is made, the user will be put straight to them. If it is a paid line, you will be charged and the malicious developers can benefit from the activity.
What are users supposed to do?
As of now, there is no immediate danger by this threat. Carabello demonstrated it is possible to manipulate the message and there is a flaw in Edge browser. Since it was proven how the message can be manipulated, hackers and malware programmers are happy and working on how to exploit this flaw in Microsoft Edge browser. Since Edge is gaining popularity as a browser, they are not going to sit quietly and allow this opportunity to pass by.
- If you get the same red message from SmartScreen filter and if it includes a phone number, never call that number.
- If you keep getting this red alert even for websites that you know is genuine, then you need to disable SmartScreen filter.
Note: Disabling SmartScreen filter is not at all recommended, as enabling the feature helps you protect from a malicious website. Disabling should be done only if the red alert is too frequent and it carries a phone number.
Fix fake alert problem
Microsoft is already aware of this problem. They will be releasing an update soon to fix this flaw. Until then you have to be aware of the possibility of fake red alert and act safely.