Microsoft Refunds Money Lost In Xbox Live Phishing Scam, Promises Better Customer Service


Microsoft said it has intervened to restore the Xbox Live account of a customer hit by an overseas phishing scam, and has refunded all the unauthorised charges the scammers were able to make while her complaint was lost in customer support and the account was never properly locked down.

Further, a Microsoft spokesman tells Kotaku that the company is reviewing its procedures in light of this incident, another embarrassing manifestation of a phishing crime wave that has snagged ordinary users and even journalists.

“The online safety of Xbox Live members remains of the utmost importance, which is why we consistently take measures to protect Xbox Live against ever-changing threats,” the company said in a statement. “However, we are aware that a handful of customers have experienced problems getting their accounts restored once they’ve reported an issue. We are working directly with those customers to restore their accounts as soon as possible and are reviewing our processes to ensure a positive customer support experience.”

Microsoft went on to say that “While we do not ordinarily comment on specific cases, Microsoft can confirm that the account in question has been reinstated to its rightful owner and all unauthorised charges are being refunded in full.” The victim in question said she had lost $US300 from her PayPal account to the thieves as her complaint was being mishandled.

The company repeated its assurances “that there has been no breach to the security of our Xbox Live service,” which is reassuring to hear but misses the larger point that customers actually care about: there is still a way for someone’s account to be broken into and plundered for Microsoft Points or downloadable content, which is then sold on auction sites.

It’s a delicate message, but in these phishing cases the information used to break into the account typically comes from a third party, such as a compromised website where the victim used the same login and password. Microsoft doesn’t want to blame the victim, and neither do we.

But it would be as good a time as any to remind folks to change their passwords, and perhaps to use something that is unique to Xbox Live, so that a phisher who uncovers your email address and password because of another site’s bad security can’t use the same login and password on Xbox Live. Really, it’s a good policy to have a unique password for any site that stores your credit card information. It’s a pain in the arse, but it’s the only way to be sure.
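The advice above (a unique password for every site that holds your card details) is easy to state and hard to audit by eye once you have dozens of logins. The script below is an added example, not part of the article or any Microsoft tooling: it takes a password-manager-style export (here a constructed in-memory sample with placeholder passwords; a real run would load the manager’s CSV) and reports every site that stores a payment method and shares its password with some other site, i.e. exactly the accounts a breach elsewhere would expose to unauthorised charges. Field names (`site`, `user`, `password`, `stores_card`) are assumptions for the example.

```python
"""Flag password reuse that exposes card-holding accounts.

Added example, not from the article. The vault below is constructed
sample data with placeholder passwords; a real export would be loaded
from the password manager's CSV instead.
"""
from collections import defaultdict
import hashlib

# Constructed sample vault. 'stores_card' marks sites that keep a payment
# method on file, which is the case the article's advice singles out.
SAMPLE_VAULT = [
    {"site": "forum.example.net", "user": "gamer@example.com",
     "password": "hunter2-2011", "stores_card": False},
    {"site": "xboxlive.example", "user": "gamer@example.com",
     "password": "hunter2-2011", "stores_card": True},
    {"site": "shop.example", "user": "gamer@example.com",
     "password": "Tr0ub4dor&3", "stores_card": True},
    {"site": "news.example", "user": "gamer@example.com",
     "password": "Tr0ub4dor&3", "stores_card": False},
    {"site": "bank.example", "user": "gamer",
     "password": "correct horse battery staple", "stores_card": True},
]


def _fingerprint(password: str) -> str:
    # Group by a hash so the report never carries plaintext passwords around.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:16]


def find_reuse(vault):
    """Return {fingerprint: [sites]} for every password used on more than one site."""
    groups = defaultdict(list)
    for entry in vault:
        groups[_fingerprint(entry["password"])].append(entry["site"])
    return {fp: sites for fp, sites in groups.items() if len(sites) > 1}


def payment_sites_at_risk(vault):
    """Sites that store a card AND share their password with another site.

    A credential leak from any of the 'other' sites would let an attacker
    log in here and make unauthorised charges, which is the article's case.
    """
    reused = find_reuse(vault)
    at_risk = []
    for entry in vault:
        fp = _fingerprint(entry["password"])
        if entry["stores_card"] and fp in reused:
            others = [s for s in reused[fp] if s != entry["site"]]
            at_risk.append((entry["site"], others))
    return at_risk


def report(vault):
    """Human-readable lines, one per card-holding site that needs a unique password."""
    return [
        f"{site}: stores a card but shares its password with {', '.join(others)}"
        for site, others in payment_sites_at_risk(vault)
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_VAULT):
        print(line)
```

On the sample data the report names `xboxlive.example` (sharing with the forum) and `shop.example` (sharing with the news site), and stays silent about `bank.example`, whose password is unique. Passwords are compared via a truncated SHA-256 only so that the grouping key and the output never contain plaintext; the script is a local audit aid, not a storage scheme.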


  • I know there is going to be lots of hate for Microsoft since they messed up, but at least they are doing something about it… That doesn’t excuse the fact they mishandled it and cost someone $300 (maybe $280AUD), but at least they are taking some course of action, which is ultimately all we can ask.

    • There should be some hate against MS though, I’ve heard of other instances that relate to people who have been hit with these charges and they have to wait out the ‘regular’ process, where some customers have had their account locked for 40+ days and sometimes DON’T get their money back.

      This case is certainly on the extreme end with some rubbish Customer Service, but simply because it’s gained some media attention, MS stepped in and resolved it instantly and the story goes away for a few weeks until something happens again.

      I think this story is a very, very good example that there is a problem out there, one which I don’t think is 100% user error. EA is another target, seeing as a lot of the time it’s related to FIFA Gold Packs, mainly because EA games connect through to their own servers when you log on.

      It doesn’t matter if it’s a breach; MS should be doing more than just advising customers to be careful with their details. Hell, the PSN outage should have been a wake-up call to internet users about the dangers, but the fact is their system is being ridiculously exploited at the moment at the expense of their customers, and this is the major issue they don’t seem to be addressing.

      • They just unlocked my account, and sent me an email saying that their investigation found no unauthorised purchases on my account.

        Yeah, my points are still missing… and I can see two purchases in my history that I never made.

    • Who cares when they do it? At least they’re doing it. Although personally it seems a little too soon after the story went public for it to be because of that.

      • “At least they’re doing it”

        They have no choice, he’s saying. If they had a choice, they probably wouldn’t have bothered…

        • You’re giving them credit for something they’ve failed to do for years and for thousands of other Xbox Live users.

          So your “at least they’re doing it” statement is kind of invalid.

          • Yeah, exactly. Kind of obvious timing: when the story goes all over the internet, Microsoft goes ‘oh shit, we should probably do something to save face’.

  • Why do you think I cringe at the sight of “enter your credit card information”?

    It stays on auto-renew, and you can’t cancel it without calling up their pathetic support service.
    If you look at these new offers too, you’ll read that it says “fees may change”… so it’s a pretty good technique they’re using of pulling you in and holding your bank account ransom for as long as they feel.
    Why not let you cancel it online?

    After months of trying to cancel my “monthly auto-renewal” of Xbox Live Gold, I finally succeeded when I went down to my bank and cancelled my card.
    That’s what it took.

    • Strange, I thought you could cancel it online. I know I saw “turn auto-renewal off” (or something along the lines) around a month ago.

    • You do realise you can cancel auto-renewal of your Live subscription through now right? It took them long enough but they finally bowed to pressure. I agree it’s a crappy tactic and a crappy service but they are at least improving.

      • Even with that feature, it took me weeks of trying off and on to get it to actually work. I found the area on, and the option to cancel, but was always met with a very vague error message that amounted to ‘Sorry, can’t do it.’ I know I can jump on the phone and do it, but anyone who’s tried to do Xbox Live account-related tasks over the phone will know what I say when it’s… difficult, at best.

        This and other MS practices are part of the reason I don’t have a 360 anymore.

        • I haven’t checked online for that feature recently, although I still read in the fine print of one of their “dashboard gold deals” that to unsubscribe, you would have to call support.

          And those error messages are what I’m talking about.

          I got an error message when trying to promote my first account (back in ’06) to an adult one to gain all the features. But it kept saying it couldn’t do it.
          Eventually support called me and, in some strange rationalisation, put ME on hold (they called me, and they put me on hold). Eventually the man told me it was corrupt and I had to start a new one.

          I was glad, though, that I received 500 MS Points and a year’s Gold, but the service still seems lacking – especially regarding the removal of card details.

  • Yet Microsoft can never seem to put a foot wrong and will always be defended to the death by their customers/fanchildren. Any other company does wrong, they’re crucified. <3 double standards.
