The Xbox 360's FIFA Phishing Continues Unabated

Illustration for article titled The Xbox 360's FIFA Phishing Continues Unabated

Since October, we've heard anecdotal accounts of Xbox Live members finding suspicious purchases on their credit cards and learning their accounts had been recovered to another machine. Now it's happened to a games writer—just this past week. Dan Crawley of VentureBeat provides a detailed rundown of exactly what happened, and in the process asks some detailed questions of Microsoft.


The upshot of this is that it's probably a good idea to change your Xbox Live or Windows ID password to something completely random and completely unique, as Microsoft is insistent this is not a security breach but rather phishing, or some other form of social engineering. Crawley doesn't think much of Microsoft's posture in this, and notes that we're not hearing about it on PlayStation Network, probably because it's easier to recover an account to another console on Xbox Live.

The criminals behind this use the account to buy up lots of Microsoft Points, which are then used to acquire FIFA Ultimate Team cards. They're not trying to collect a set—Crawley notes that some of the rarer virtual items are being traded for cash or auctioned offline for up to $280.

Electronic Arts has set up a couple of pages, one containing detailed information on how to spot a phishing site and how to recognize an authentic EA page, among other anti-phishing tips. "With dedicated pages set up on the EA Forums to deal with this issue, at least the company is admitting that there is a problem," Crawley notes. It's important to realize, however, that EA has no role either in Xbox Live account security, or in any Xbox Live transaction where actual money changes hands.

"All the advice given by EA and Microsoft relating to the maintenance of safe accounts certainly makes sense," Crawley concludes. "But while it is easy to shrug these incidents off, blaming them on the security practices of affected Xbox Live users, and a number of malicious hackers, could it be that Microsoft needs to look at its own security protocol and ask if it is good enough?"


How I was hacked – a tale of hijack, XBox Live and FIFA trading cards [VentureBeat]



There's something else larger going on here that MS or EA aren't talking about. My account got hacked but due to there being no card on the account and only 150ish points on the account they weren't able to do much. Still got FIFA12 on my 360's games list as a result.

However, I didn't get phished. I've never been phished. There has never been a time that I've gone to a site to enter information that I didn't manually go to myself instead of clicking a link, especially not for anything MS related. There has never been a time when I've entered data and it didn't do exactly what it should. I've also never been hacked on any other accounts. So why now, and why only this specifically? Madden has Ultimate Team cards, why not that too?