Welcome Guest [Log In] [Register]
Aloha and welcome to The Halo Social!

We're just some people who want to talk more than just Halo since life is a big part of living too. :D You are all welcome, no matter how you found us so feel free to look around a bit. We'd love it if you stayed a while though so go on and register, you know you want to...Simply use your GamerTag as your login then wander on over to Introductions, say hello, and join in the fun!

Username:   Password:
Add Reply
URGENT: How Scammers Are Stealing Xbox Live Accounts And What They Do With Them; Article which explains a nasty exploit of Microsoft's Customer Service with Xbox Live accounts
Topic Started: May 26 2012, 09:21 PM (167 Views)
TheOneInYellow
Member Avatar
The Audiophile
[ *  *  *  *  * ]
First, please, please read the following two articles in their entirety. This affects everyone, here on the forum and every Xbox Live account holder, and yes, this is serious:

How (And Why) Your Xbox Live Accounts Are Hacked

How Scammers Are Stealing Xbox Live Accounts And What They Do With Them.

Now, just to summarise the article a little:

  • The article describes how Xbox Live accounts are 'jacked', not hacked, and sold on websites.
  • This type of scam involves impersonating a user, contacting Microsoft Support direct, getting reference numbers, and essentially jacking an account.
  • THE SCAM DOES NOT CIRCUMVENT ANY SOFTWARE/SECURITY PROTECTION MEASURES, BUT BYPASS A USER COMPLETELY.
  • Everyone with a Xbox Live account is affected. EVERYONE.
  • This is as serious as the successful hacking of PSN accounts last year, but this scam aimed at Xbox Live accounts is not a hack. Rather, once a scammer gets hold of your details, they have access to the following:
    • Email account(s) linked to your Xbox Live Account,
    • Microsoft Points,
    • Any linked credit/debit card or bank details, or PayPal
    • With accounts jacked, further attacks can be made to your online presence on other areas of the internet, depending on your Gamer Tag/email username, password, email contents of your internet usage, and so forth.
    • Any downloaded content (scammers are especially targeting those with lucrative game licences, such as CoD MW games, subscriptions like Netflix, exclusive content for games, and so on),
    • Status of peculiar Gamer Tags, especially with those who have been long subscribers to Microsoft Live Gold accounts (the higher the number of years you are a subscriber, the higher the risk of being jacked),
    • Other lucrative/status/egotistic reasons.

Of course, the success of these jacks are not high, but are significant.
Out of courtesy, I will not link to websites or forums where such Gamer Tags/Xbox Live accounts are sold/abused, but the article does show links to the websites; as a disclaimer, this forum and I will not be responsible for any problems you may encounter when visiting the websites linked in the articles (this also, unfortunately, means the articles themselves).
I am merely advising and helping members to better understand a threat to their Xbox Live accounts.



So, what can you do?

NOT MUCH, ACTUALLY. :((
This is a problem with Microsoft Customer Services, so the best thing you can do is two things.

First, minimise the damage.
  • Remove any and all bank/card/PayPal linked details to your Xbox Live Accounts as soon as you can. Buy Pre-Paid vouchers, or if you must, do one-time transactions, then remove the details asap (for the latter, use the main Xbox website).
  • Link your Xbox Live account to an exclusive email that does not use the same password, and if possible, no relation to your Gamer Tag name. Remember that to link an email to an Xbox Live Account, the email account must be 30 days old.
  • Be vigilante of your Xbox Live account and linked bank/card details or transactions.
  • Tell Microsoft how you feel about this situation. Show them the articles and the websites linked in those articles. Tell them that this is serious as the original Xbox Live account user has very little control over their own accounts when faced with this scam. Tell them to improve scrutiny through their Microsoft Customer Services. You get the point.


I normally don't shout alarm or make a big drama out of something that may happen to be false or rumour, but I am confident that this scam is neither a rumour and very serious.
I do not want fellow friends and members of this forum to succumb to problems later, be affected in the same way users were affected with the infamous 2011 PSN hacks (I was hacked, it was bad, I don't want anyone else in such situations), be armed with good information to protect themselves as far as possible, and to help others you know about this scam.

Please be vigilante of your accounts, and be safe.

Kind Regards, and best of luck,

TheOneInYellow
Offline Profile Quote Post Goto Top
 
porottaja
Member Avatar
Top 3 Oddball
[ *  *  *  *  * ]
Using only pre-paid cards with everything.
Own no CoD licence.
Don't use Netflix.

Phew. :cool:
Offline Profile Quote Post Goto Top
 
PhoenixVakarian
Major
[ *  *  *  *  * ]
Yeah i'm with poro, i have only ever (and will only ever) use the pre-paid cards for mps and memberships, the email i use is a n email i set up only for XBL, i don't use with anything else, and i have never played (or plan to play) c.o.d!

I also don't use netflix, or any apps on my xbox!

Thank you for bringing this up yellow, hope everyone else is safe!
Offline Profile Quote Post Goto Top
 
Eskobar M92
Member Avatar
Captain
[ *  *  *  *  * ]
I have a couple hundred Xbla and dlc. So far not been hacked. Hopefully stays that way. I use a good password. I'll consider removing credit card details.
Edited by Eskobar M92, May 27 2012, 01:48 AM.
Offline Profile Quote Post Goto Top
 
Eskobar M92
Member Avatar
Captain
[ *  *  *  *  * ]
MS should verify every call and see if the numbers match to your address.
Offline Profile Quote Post Goto Top
 
TheOneInYellow
Member Avatar
The Audiophile
[ *  *  *  *  * ]
Eskobar M92
May 27 2012, 01:42 AM
I have a couple hundred Xbla and dlc. So far not been hacked. Hopefully stays that way. I use a good password. I'll consider removing credit card details.
You don't need to worry about being hacked, as MS is good at software security measures.
However, this scam bypasses all software based security systems by exposing two concurrent exploits in MS Customer Services; human error and trustworthiness (with a bit of discretion on the side).

As the articles describe, once you can trick the staff at MS Customer Services into believing that you are the owner of someone else's Xbox Live Account, most of the scam is complete.
Its very dirty, cowardly, long winded and genius, with a good dose of trial and error. Yet that's the problem, even if it works, lets say for example sake, 5% off the time, that is too much. So is 1%.
If the articles, and the scammers themselves, are telling the truth (I believe so), then the success rate is high enough to cause serious alarm (not ridiculously high, but that gives no comfort at all).

MS need to ramp up training of customer service representatives and produce a far stronger way of keeping original owners in control of their accounts.
Offline Profile Quote Post Goto Top
 
Braythor
Member Avatar
Dumped Scruff's mum
[ *  *  *  *  * ]
Mmm, low likelihood of happening, but the fact that it does happen is enough to warrant caution. I loathe people like that - hackers, jackers, virus distributors etc - with a passion, they are disgusting, lowlife cowards.

Anyway, you've encouraged me to remove my card details from my Live account. Now I have a job I can actually afford to pay for more than one month at a time, and it's just stupid to be paying £6 each month when I can pick up 3 months for £12 on Amazon. Same goes for points, no need to buy them through my xbox. So cheers Yellow!

Mmm...but now I go to cancel my auto renew and they offer me 6 months for £15...
Edited by Braythor, May 27 2012, 12:54 PM.
Offline Profile Quote Post Goto Top
 
Eskobar M92
Member Avatar
Captain
[ *  *  *  *  * ]
TheOneInYellow
May 27 2012, 11:53 AM
Eskobar M92
May 27 2012, 01:42 AM
I have a couple hundred Xbla and dlc. So far not been hacked. Hopefully stays that way. I use a good password. I'll consider removing credit card details.
You don't need to worry about being hacked, as MS is good at software security measures.
However, this scam bypasses all software based security systems by exposing two concurrent exploits in MS Customer Services; human error and trustworthiness (with a bit of discretion on the side).

As the articles describe, once you can trick the staff at MS Customer Services into believing that you are the owner of someone else's Xbox Live Account, most of the scam is complete.
Its very dirty, cowardly, long winded and genius, with a good dose of trial and error. Yet that's the problem, even if it works, lets say for example sake, 5% off the time, that is too much. So is 1%.
If the articles, and the scammers themselves, are telling the truth (I believe so), then the success rate is high enough to cause serious alarm (not ridiculously high, but that gives no comfort at all).

MS need to ramp up training of customer service representatives and produce a far stronger way of keeping original owners in control of their accounts.
Yes I figured that out later, I post they should check phone numbers so not anyone could call in. But that could possibly be bypassed as well. I hope this doesn't happen then I'd have to start a new gamertag, ugh.
Offline Profile Quote Post Goto Top
 
crazybydefault
Member Avatar
Grenade Honker
[ *  *  *  *  *  * ]
I usually renew through buying pre-paid cards (Speaking of which, I need to do so now!), and don't have any passes associated with my account. I should be good to go.

But the way they pull this off is beyond ridiculous!
Offline Profile Quote Post Goto Top
 
ASLANS R0AR
Member Avatar
Spartan Pops
[ *  *  *  *  *  * ]
for some reason, I can't delete my credit card from my Xbox live account; it's tied to a pre-paid free month code I put in a while ago I guess (not set to renew). I'll keep an eye on my CC activity for sure!
Offline Profile Quote Post Goto Top
 
TheOneInYellow
Member Avatar
The Audiophile
[ *  *  *  *  * ]
ASLANS R0AR
May 29 2012, 02:58 PM
for some reason, I can't delete my credit card from my Xbox live account; it's tied to a pre-paid free month code I put in a while ago I guess (not set to renew). I'll keep an eye on my CC activity for sure!
I am currently in the same boat, but I have made some significant changes to my account and to safe guard my bank details. I will be in touch with Microsoft soon.

For those who don't know, a rumour, which seems quite plausible, has been running around recently; MS is phasing out Microsoft Points in favour of real-world currency transactions, which will possible start at near the end of this year: Rumor: Microsoft Dropping Microsoft Points System.
So yeah, it will be very hard to make purchases in the furture unless Microsoft do something.

This is especially true for the next-gen consoles, where tying our bank details to our consoles (if we continue to be Xbox Live subscribers, and the same goes for PSN purchases) is almost the norm and getting content quickly.

Personally, I want my card details of the account ASAP, but really, I want Microsoft to get off their arse and sort out their CS. It would make life easier, and make feel safer to re-add my card details to my account again in the future.
Offline Profile Quote Post Goto Top
 
1 user reading this topic (1 Guest and 0 Anonymous)
ZetaBoards - Free Forum Hosting
Enjoy forums? Start your own community for free.
« Previous Topic · Current Events · Next Topic »
Add Reply