Microsoft Edge Scareware Blocker: AI-Powered Scam Detection

Microsoft Introduces New Scareware Blocker

Microsoft is currently deploying a novel security feature, known as a “scareware blocker.” This tool leverages the power of machine learning and computer vision to detect a widespread and troublesome form of online fraud.

Understanding Scareware Tactics

“Scareware” has been a persistent problem on the internet for many years. It frequently manifests as fraudulent antivirus software, falsely reporting the presence of threats on a user’s computer.

These deceptive programs then attempt to coerce users into either installing harmful software or purchasing unnecessary applications.

Recent FTC Action Against Tech Support Scams

In the previous year, two technology support companies were mandated to pay $26 million as part of a legal settlement with the U.S. Federal Trade Commission (FTC).

The FTC had accused these firms of employing misleading marketing strategies, including the use of fabricated Windows pop-up alerts, to defraud customers.

Samuel Levine, director of the FTC’s Bureau of Consumer Protection, stated that the companies utilized fear-based tactics and falsehoods regarding computer security to extract money from consumers, particularly the elderly.

How the New Blocker Works

Microsoft already provides mechanisms to prevent access to known malicious websites that have been identified and reported. However, this new feature focuses on proactively blocking previously undetected scam tools as they attempt to display full-screen pages.

The company initially previewed the blocker at its Ignite conference in November. Now, they are requesting user assistance in testing the functionality through a preview program within the Edge browser.

Participating in the Preview Program

Users can contribute to the development of this important security tool by participating in the preview program. This will help Microsoft refine the scareware blocker and improve its effectiveness against emerging threats.

Introducing the Scareware Blocker in Microsoft Edge

The scareware blocker feature within Microsoft Edge necessitates user activation via the “Privacy, search, and services” settings. This proactive step is crucial for enabling the enhanced security layer.

This new functionality supplements existing security measures like Microsoft Defender SmartScreen, which already monitors web pages for potentially harmful behaviors. The blocker focuses on a specific tactic employed by scammers.

How the Scareware Blocker Works

Specifically, the scareware blocker intervenes when a deceptive program attempts to initiate a full-screen display. Full-screen takeovers are often used to obscure identifying features of a scam and hinder user escape.

Users may be unaware of methods to exit full-screen mode, such as pressing the “Esc” key, making them more vulnerable to manipulation.

Machine Learning and Computer Vision

Microsoft developed the scareware blocker using a machine learning model. This model was trained on a substantial dataset of thousands of genuine scam examples.

The system then leverages computer vision to analyze new, encountered scams in real-time, comparing them against the learned patterns.

Responding to Potential Threats

Upon detecting suspected scareware, the tool automatically performs several actions to protect the user. It will first terminate any full-screen presentation.

Furthermore, any accompanying audio – such as alarming sounds or voice prompts – will be silenced. The user is then presented with a choice: proceed to the page or close it entirely.

microsoft tests ‘scareware blocker’ for edge that uses computer vision to detect scams

Privacy Considerations

Microsoft's implementation of computer vision for screen analysis may understandably generate privacy-related questions. This approach shares similarities with the previously debated Recall feature, which captures screen images to establish a searchable record of user activity.

Nevertheless, regarding the scareware blocker, Microsoft asserts that the machine learning processes occur directly on the user’s device, with no data being stored or transmitted to external servers.

For the purposes of refining the model and enhancing the Defender SmartScreen suite, Microsoft is actively seeking input from initial users. They are offered the opportunity to submit screenshots of potential scams to Microsoft for analysis.

Furthermore, users retain the ability to report instances where the scareware blocker incorrectly identifies a legitimate website as malicious.

This feedback mechanism is crucial for improving the accuracy and reliability of the system.

User Control and Data Handling

A key distinction is the local processing of data by the scareware blocker. This contrasts with cloud-based solutions where information is routinely uploaded and stored.

The option to voluntarily share screenshots provides users with a degree of control over their data. It allows Microsoft to learn from real-world examples without compromising individual privacy.

Reporting false positives is equally important, ensuring that the system doesn't unnecessarily restrict access to safe and valid online resources.