Scammers Target Microsoft Edge Users Via News Feed

Beating the Barbarians: How to Protect Your Workers from Cyberattacks Image

Scammers are targeting users of Microsoft’s Edge browser via malicious ads inserted into the news feed, warn security experts

Security experts have warned of an ongoing scam targeting users of Microsoft’s Edge via advertisements inserted into the browser’s news feed.

The malicious ads lure users in with shocking or bizarre stories, after which they are directed to tech support scam pages, said computer security firm Malwarebytes.

Tech support scams typically attempt to convince users there is a security problem on their device and to pay for expensive services to remediate it, usually through means that make it difficult for them to get their money back, such as gift cards.

Such scammers may also trick users into installing software that gives them access to all information stored on it and any network connected to it.

Image credit: Malwarebytes

Browser locker

Edge… is the default browser on the Microsoft Windows platform and as such some segments of its user base are of particular interest to fraudsters,” Malwarebytes said.

The firm said the scam had been going for at least two months.

It serves malicious ads over the Taboola ad network and those who click on an ad are initially sent a Base64 encoded JavaScript designed to filter out bots, VPNs and geolocations that are not of interest to the scammers.

Those the scammers aren’t interested in are sent to a harmless decoy page related to the ad.

Potential targets are directed to a browser locker page, a type of scam that prevents the user from leaving the current tab, which displays intimidating messages.

Image credit: Malwarebytes

Cloud infrastructure

In this case the scam page tells the user their system has been locked and tries to get them to call a US toll-free number that pretends to be a Microsoft technical support line, a typical tactic.

The scheme is notable for the cloud infrastructure it leverages, which makes the scam very difficult to block, Malwarebytes said.

Within a span of 24 hours the firm saw the scammers using more than 200 different hostnames on ondigitalocean.app.

“This particular campaign is currently one of the biggest we are seeing in terms of telemetry noise,” Malwarebytes said in an advisory.

Microsoft did not immediately respond to a request for comment.