All too often, on forum boards, chat sites and even among friends and social peers, you see and hear exclamations of ‘My Account has been hacked’. In this article I will try to cover all Xbox phishing techniques and hopefully explain methodology and prevention.
When you come across somebody who has allegedly been ‘hacked’, nine times out of ten they haven’t been hacked; they have been the victim of a phishing scam.
What is a Phishing Scam?
A phishing scam is an attempt to draw a user’s account information directly from the user themselves by deceiving them with an unbelievable offer/freebie or an opportunity to gain an advantage over somebody. For instance, in Xbox phishing one of today’s most used methods is the old “Free Microsoft Points/Live Generator”, in which a program offers to provide you with free Microsoft Points. In this case you will often see that in order to receive the points/codes you have to sign in using your Hotmail account. This is where the phishers automatically take your data, send it on to their own email address and recover your account.
Examples of Xbox Phishing
So here we have an example of a “Xbox Supervisor” stating that;
Hello there mintcreg, We have received information that your account has been compromised. Please forward your Hotmail Account & Password to verify your identity.
Without having to go into further detail, we can see from the wording that this is obviously a fake email.
Here is another example of “Xbox Phishing”, in which an email is sent with deceiving text that makes the recipient think that their account is being reviewed or is under suspension, when in actual fact the “xbox.com” link points to a URL such as http://www.phishingwebsite.com.
Never will Xbox, or any other company for that matter, contact you in an “aggressive” manner in order to make you complete a mandatory task regarding their service.
Here’s a checklist to find out if the email is genuine:
- Check the email sender (abuse-@-microsoft.com)
- Check the wording (spelling mistakes)
- Make sure they’re able to state your name (they will have this on file)
- Check where the links take you to (not by clicking, just by hovering over or right-click properties)
If the email fails this checklist, go to xbox.com/support, click on the link titled “Troubleshooting Access to your Xbox Live Account,” and perform the steps outlined.
This method is one of the main contenders for any phishing scam. It is the method that will often catch out even some of the smarter fish, because they are being “baited”.
For this method to work with Xbox, we need something to lure our catch into our net, and with Xbox you will see that as “Free Microsoft Points/Free Xbox Live/Xbox Cheats Free” in many different forms.
There are 3 main ways this can be done (and I stress main, because there are countless ways of doing it).
- Using a fake Xbox website or website that requires an email login.
- Using a program that offers “Free Microsoft Points” but instead passes the details on.
- Using emails in order to “scare” people into passing their details unknowingly to you.
Here we can see a very basic Xbox phisher. This program asks you to log in with your account details and select your free item, being 800 MS Points, 1600 MS Points or 4000 MS Points, when in actual fact these are null values.
However, the email and password details feed into a form whose contents are then sent off to the phisher’s email address via SMTP. Generally these programs are written by “newbies” in VB and are left unencrypted, so with the correct tools reverse social engineering is in play.
To recap, the main points we covered in this article were:
- What is a Phishing Scam?
- How phishing is performed
- What to do if you’re a victim
- Main types of phishing
If you have been affected by any of the above techniques, try to stay calm and take down as much detail as you can about the program/email/message, along with any other information, as it can be useful to Xbox in tracking down and stopping this type of behaviour.