Skip to main content
January 27, 2025

Stand up to scareware with scareware blocker, now available in preview in Microsoft Edge

At the 2024 Ignite conference last November, we announced scareware blocker for Microsoft Edge which will provide a new, first line of defense against scams. Today, we’re excited to share more about how it works and invite you to preview the feature.

You’ve seen it yourself. There are more scams than ever before, on your phone, in your inbox, and in your browser.  In fact, our data shows that in 2024, Edge blocked five times more scams on average than it blocked just three years earlier.

Today, Edge uses Microsoft Defender SmartScreen to block known scams as people encounter them. But what if you’re the first person to see a new scam before it can be blocked? What if a scam hits your coworkers, your friends, or your family? The FBI reports that victims lose over a billion dollars per year to tech support and related scams. While no one is immune, these scams particularly prey on vulnerable elderly communities.

“Scareware” scams are a particularly convincing type of tech support scam. They use aggressive web pages to convince victims into thinking their system is infected with malware, pressure them to call a fake tech support number, and try to gain access to the computer. Last year, Hollywood even made a blockbuster action movie with scareware scammers as the villains.

Scareware blocker uses a machine learning model to recognize the tell-tale signs of scareware scams and puts users back in control of their computer. We call on users who want to combat scams to help us test our preview. Read on to learn how you can help!

Figure 1 – Scareware blocker fights tech scams

Anatomy of a scareware scam

Users can always close a full screen scareware page by PRESSING AND HOLDING the ESC key. We’re hopeful that raising awareness will help users protect themselves, even if they are not using scareware blocker.

While users have become more cautious with passwords and the files they download, scareware isn’t on most people’s radar. Even the most cautious can fall victim to scareware, as scam websites prey on their caution to create anxiety.

Scams move fast to evade detection

Scams have become more sophisticated, often moving after a few hours to evade detection. This makes early detection crucial for protecting users. Scareware can appear unexpectedly, especially in rogue online advertisements. For example, you might accidentally click on a misleading banner ad while searching for a product manual, leading you to a scareware site instead of the PDF file you were trying to download.

Scareware uses full screen mode just like video sites

Scareware sites often use full screen mode, just like popular video sites. Users know they can press ESC to exit full-screen mode, but scareware sites try to camouflage the ESC option, leaving users unsure of what to do next.

Scareware uses audio and keyboard mouse tricks to incite panic

Scareware sites also use audio and keyboard/mouse tricks to incite panic. They might play a warning from a computer-generated voice, leading victims to believe their computer has an identity theft virus and urging them to call support immediately. Savvy users might suspect a full-screen web page and press ESC, but scareware sites may try to hijack the keyboard and mouse to prevent escape.

How scareware blocker will help

As mentioned above, most people who land on a scam in Edge will be protected by Defender SmartScreen, which provides real-time checks on new and unfamiliar sites where abuse is more likely to hide. Once an abusive site is detected, SmartScreen can protect users worldwide within minutes.

Scareware blocker adds a new, first line of defense to help protect the users exposed to a new scam if it attempts to open a full screen page. Scareware blocker uses a machine learning model that runs on the local computer. The model uses computer vision to compare full screen pages to thousands of sample scams that the scam-fighting community shared with us. The model runs locally, without saving or sending images to the cloud.

Sequence diagram showing the steps that happen when a user navigates and scareware blocker compares the new page to its local model.
Figure 2 – How scareware blocker works

When scareware blocker suspects a page is a scam, Edge will put users back in control by exiting full screen mode, stopping aggressive audio playback, warning the user, and showing a thumbnail of the page they were just viewing:

The scareware blocker page in Edge. It shows a message saying that the page was blocked, allows the user to either continue or close the page, and shows a screenshot of the page.
Figure 3 – Scareware blocker warning the user and putting them back in control

Send feedback to protect others & avoid false alarms

Once the user is back in control of their browser, scareware blocker will let them report the malicious site to protect others. Users can share a screenshot of the scam and other diagnostics with Microsoft, helping the Defender SmartScreen service detect scareware outbreaks across multiple machines. If they don’t choose to report, the scareware blocker model will discard the page.

To reduce false alarms, users can also report when scareware blocker makes a mistake and blocks a legitimate page.

Sending this feedback makes a difference. By reporting false alarms, you help us make the feature more reliable to catch the real scams. Beyond just blocking individual scam outbreaks, our Microsoft Digital Crimes Unit goes even further to target the cybercrime supply chain directly.

Help us stand up to scams by enabling scareware blocker

While we recognize that the scareware blocker may not catch every scam—especially as tactics evolve—we are committed to empowering users with solutions while we improve our defenses.

Scareware blocker is rolling out now as a preview for all Edge users on Windows PCs. To enable in Edge, first make sure that previews are allowed by your administrator and also that Edge is fully up to date. You may want to restart the browser once more to make sure your Edge client has the preview.

After making sure you have the latest updates, you should see the scareware blocker preview listed under “Privacy Search and Services” as shown below. Your feedback will help us block scams faster and improve the model to reduce false positives!

The Privacy, search, and services tab of the Microsoft Edge settings page.The tab shows a toggle for scareware blocker.
Figure 4 – Enable scareware blocker today and send feedback to stand up to scams!