Xbox LIVE users are being urged to check their accounts ASAP after it was revealed that a fake email was being used to trick oblivious customers into providing sensitive personal details.
The phishing attack sent users to a fake site where they were asked to input personal details like addresses, emails and credit card details in return for free Microsoft Points. The scam resulted in an average loss of £100 for each gamer who participated; however, some have recorded that over £200 has been taken out of their bank account. The crooks were taking small amounts from credit cards over many weeks, which made the theft hard to detect.
Microsoft is investigating and says a small percentage of users are affected.
“We take the security of the Xbox LIVE service seriously and work to improve it against evolving threats,” a Microsoft spokesman said. “Very occasionally, though, we are contacted by members regarding alleged unauthorized access to their accounts by outside individuals.”
The spokesman continued: “We can confirm that only a small percentage of Xbox LIVE customers have been affected here in the UK. We work closely with impacted members directly to resolve any unauthorized changes to their accounts and, as always, highly recommend all Xbox LIVE users follow our account security guidance in order to protect their account details.” Microsoft confirmed there had been no breach in the security of Xbox LIVE itself.
The company says there is advice on its website about staying safe online but advises that people should never give out passwords or email addresses. It states that users should never type personal information into websites unless they are sure that they are genuine.
Jason Hart, MD of Cryptocard and a former ethical hacker, said: “Xbox customers are finding that they might have had more than £100 pilfered from their accounts. This is the third instance of hacking to hit the gaming industry in as many months and it is clear that hackers are finding it all too easy to steal gamers’ identities and access the financial information they need to make off with users’ cash.”