The Xbox 360's FIFA Phishing Continues Unabated

Since October, we've heard anecdotal accounts of Xbox Live members finding suspicious purchases on their credit cards and learning their accounts had been recovered to another machine. Now it's happened to a games writer -- just this past week. Dan Crawley of VentureBeat provides a detailed rundown of exactly what happened, and in the process asks some detailed questions of Microsoft.

The upshot of this is that it's probably a good idea to change your Xbox Live or Windows ID password to something completely random and completely unique, as Microsoft is insistent this is not a security breach but rather phishing, or some other form of social engineering. Crawley doesn't think much of Microsoft's posture in this, and notes that we're not hearing about it on PlayStation Network, probably because it's easier to recover an account to another console on Xbox Live.

The criminals behind this use the account to buy up lots of Microsoft Points, which are then used to acquire FIFA Ultimate Team cards. They're not trying to collect a set -- Crawley notes that some of the rarer virtual items are being traded for cash or auctioned offline for up to $US280.

Electronic Arts has set up a couple of pages, one containing detailed information on how to spot a phishing site and how to recognise an authentic EA page, among other anti-phishing tips. "With dedicated pages set up on the EA Forums to deal with this issue, at least the company is admitting that there is a problem," Crawley notes. It's important to realise, however, that EA has no role either in Xbox Live account security, or in any Xbox Live transaction where actual money changes hands.

"All the advice given by EA and Microsoft relating to the maintenance of safe accounts certainly makes sense," Crawley concludes. "But while it is easy to shrug these incidents off, blaming them on the security practices of affected Xbox Live users, and a number of malicious hackers, could it be that Microsoft needs to look at its own security protocol and ask if it is good enough?"

How I was hacked — a tale of hijack, XBox Live and FIFA trading cards [VentureBeat]


Comments

    The EA registration sites are a mess. If I was sent to a fake EA site I doubt I'd know the damn difference.

    This happened to me back in October. Microsoft told me that there was no suspicious activity detected on my account! They told me to talk to my bank if I want to get my money back as they won't refund me (6000 MSP). I am VERY careful when it comes to security and the pricks still got me! FU Micro$oft!

      That's strange because I got hacked in September and Microsoft were great about it for me. I had the same thing where hackers bought 6000msp which was charged to a stored credit card. Microsoft 'investigated' it and within 4 weeks I had my account back and was refunded $297. The worst thing about the whole deal was that my account was suspended whilst the investigation was conducted and it was when Gears of War 3 was released so I missed out on playing that online for the first month. But Microsoft refunded my money and gave me a month's Xbox Live sub to make up for the lost time.

      I was "phished" too. M$ were great about it, gave me back my points, got the money back from the bank, all sweet.

      Sucked about not being able to use Live for a month, but whatever.

    I still don't get how they can "trade" them... Aren't they locked to the XBL account they purchased?
