Microsoft Defender SmartScreen
In the last few months, I’ve been looking into fake websites and scams online, especially those related to AiTM (Automated Teller Machine) attacks. I used Microsoft Defender SmartScreen, which adds an extra layer of protection when you’re browsing. It helps spot and block harmful websites. From what I’ve seen, it’s pretty good at catching AiTM websites.
When I checked out new websites using Defender TI, I noticed that SmartScreen often identifies a bunch of them as potentially dangerous. But if you’re using Defender for Endpoint without SmartScreen, it might miss blocking some sites, even with Network Protection turned on.
So, my suggestion is to turn on Defender SmartScreen and set it up to prevent any sneaky attempts to bypass it.
Here’s an example of an AiTM website that SmartScreen caught:
If you don’t have SmartScreen turned on, Defender for Endpoint still provides protection through its network protection engine. However, it’s worth noting that this doesn’t apply to all websites. In cases where it does apply, you might see an alert in Defender for Endpoint saying, “Suspicious connection blocked by network protection.” This alert signals that the system has detected a potentially harmful connection and took action to block it
Defender SmartScreen’s phishing protection, exclusive to Windows 11, offers extra security in specific scenarios:
- When accessing a reported phishing site.
- When accessing a Microsoft login URL with an invalid certificate.
- When using an application that connects to either a reported phishing site or a Microsoft login URL with an invalid certificate.
In a nutshell, Defender SmartScreen provides added protection and can be effective in blocking AiTM websites. For more details, including configuration instructions and an in-depth explanation of Defender SmartScreen, you can refer to the following blog: