Microsoft Edge’s Start Page is being hijacked by tech support scams. Microsoft has issued a warning to users, urging them to be cautious when interacting with unfamiliar or unsolicited support requests. The Start Page has been replaced by a series of ads and pop-ups that offer help with issues like computer crashes, malware removal, and online security. Many of the ads are from companies that offer services that are not supported or endorsed by Microsoft. “We’re seeing an increase in scam attempts where scammers are using Microsoft’s name and logo to try to trick people into thinking they’re getting help from Microsoft,” said Brad Smith, General Manager for the Windows and Devices Group at Microsoft. “We want our customers to know that they can always rely on Windows Support to provide quality assistance.” Microsoft recommends that users only interact with support requests from trusted sources such as their computer manufacturer or a trusted friend. If you do encounter a scam attempt, report it to Microsoft using the Report A Problem tool in Windows 10 or 8.1. ..


Microsoft Edge has a feed of news articles on the start page, which includes some advertisements. According to a new report, some of the advertisements in the news section can redirect to tech support scams.

Malwarebytes, a cybersecurity company that develops the malware protection software of the same name, has published a report about a rising number of malicious advertisements in Edge. The ads are reportedly found on the News Feed, which is the grid of recommended articles that appears on the start page. Malwarebytes said in a blog post, “we have identified several ads that are malicious and redirect unsuspecting users to tech support scams.”

“In partnership with our advertising providers, we have removed this content and blocked the advertiser from our networks. We remain dedicated to our user’s safety and will continue to work with our partners to detect, eliminate, and provide new technological solutions to prevent malware attacks and address these threats.

The malicious ads, served by the Taboola ad network, first load a page that determines if the visitor is a potential scam target — checking bots, VPNs, certain geographical locations, and so on. If the visitor is targeted, they are redirected to a page that mimics a Windows Defender security popup and asks the person to “contact Microsoft support” with a provided phone number to remove a virus.

Tech support scams are (unfortunately) incredibly common, but this attack stands out for two reasons. First, it’s directly in Microsoft’s own web browser, which could make the attacks seem more legitimate to unsuspecting victims — Edge already has integration with Windows and other Microsoft products, so the browser showing Windows Defender prompts isn’t that far-fetched. Second, the attackers are cycling between many different sites to host the redirection and scam pages. Malwarebytes said, “in the span of 24 hours, we collected over 200 different hostnames.”

We’ve reached out to Microsoft about the problem, and we will update this article when (or if) we get a response. For the moment, you should avoid clicking any advertisements in Edge’s News Feed (they have an “Ad” label in the corner). You can also hide or completely turn off the feed in Edge.

Source: Malwarebytes