Magic Jigsaw Puzzle app on Windows 10 has phishing popup

Microsoft's only responsibility would be to remove the app from the Windows Store if it's found to be performing or contributing to potential malicious activity itself.

Fixing the problem belongs to the app developer.

What you've found indicates that either the malicious actors have found a way to bypass and directly inject these pages into and through the MJP app or the app itself is directly delivering them.  Either of these possibilities might help explain why there's recently been an apparent increase in the number of the popups displayed.

In any case, I see no reason to believe that the app developer is doing anything to attempt to stop these, so I also see no reason to trust them until that changes.  The only reason I can see that anyone continues to use the app is that they don't wish to give up the game itself, regardless of the potential risks to security or privacy this might represent.

Making such comments in the Windows Store app page for MJP and reporting it to Microsoft through the section provided, as well as removing the app from your own PC are the only courses of action that appear to be reasonable.

Expecting something to come from posting here in a community forum is senseless, since no one here has a direct channel to those responsible for these apps.

Rob

Both of you have nice thoughts, but the reality is that there are literally hundreds of websites putting out thousands of these fake popups every day and since most of them are located in other parts of the world, Microsoft can do little other then add them to their SmartScreen protection as soon as they are identified to block them in the future.

Since the text and phone numbers for these change daily if not more often, it's impossible to know both how many organizations or people are truly behind these.  The VoIP phone technology that made international phoning cheap also makes it easy to reroute calls from an apparent US number to anywhere in the world.

If you examine the technical details for the SupportScam:JS/TechBrolo.L threat description example one of you received, you'll note that this is a JavaScript malware that is hosted on malicious sites.  The threat Summary indicates that this threat is a member of the JS/TechBrolo family, which contains several other examples within its technical details section, all of which are completely different and are only a tiny example of the true number of messages displayed.

Microsoft is attempting to deal with this with a massive set of tools and techniques, including informing the public, but many of them don't understand the simple fact that avoiding the websites which most often aid in their delivery by not properly vetting their advertising networks who manage their advertising, the simplest way to protect yourself is to block the advertising itself.

The fight against tech support scams

The methods Microsoft Digital Crimes Unit is using to fight these, including partnering with AARP

Tech support scams persist with increasingly crafty techniques

A dozen screen shot examples and literally hundreds of phone numbers they'd used by April 2017

Avoiding technical support scams

Since all browsers are affected by this, including those on other computer systems and even smartphones which can be specifically identified and targeted by the malicious developer's code, it's not just a Microsoft problem.  You'll simply assume that because you have these devices yourself and are more likely to experience them there.

The Edge browser added the ability for browser extensions with the Anniversary update back in July 2016, so since then it's been possible to add popular extensions like Adblock.  To install extensions in Microsoft Edge, open the Edge web browser, click or tap the menu button in the top-right corner of the window, and select “Extensions.”

It's a shame that this is our world today, but we in the US are only finally waking up to the fact that the Internet directly exposes our devices to the entire world's criminal element, which requires us to protect them as if we were our own security force.  Microsoft has committed to changing the way that Windows operates with Windows 10 but this will take time to convert into the future versions like Windows 10 S that remove many of the legacy components which make it susceptible to malware.

On the way to this future Windows, the existing web criminals are rushing to take advantage of the holes that still exist on the Windows versions we currently use.  You need to determine for yourselves what level of security you require and whether you'll take an active role in protecting yourself and anyone else using you own systems.

That includes deciding which applications you install and how much annoyance you'll allow before deciding they're really not worth the effort they require to protect yourself.  Anything else is handing over your personal security and potentially identity to someone else to decide.

Rob