Feeds

Targeted phish frags XBox gamers

Microsoft warns Modern Warfare 2 players not to eat the 'subtle' phish

High performance access to file storage

Updated Microsoft has warned users of Xbox Live to be wary of targeted phishing scams that attempt to hoodwink users into handing over their gamer tags and passwords.

Phishing, fake point generators that actually contain malware and various other forms of nastiness are nothing new in the world of online gaming. The latest scam differentiates itself because it is more carefully targeted and subtle than most such scams.

Gamers are induced to hand over their login credentials while playing the popular first-person shooter Modern Warfare 2 via "title specific messages", Microsoft warns via a status update on its Xbox Support Web site.

Users may receive potential phishing attempts via title specific messaging while playing Modern Warfare 2.

We are aware of the problem and are working to resolve the issue. We apologize for any inconvenience this may cause and thank you for your patience.

Microsoft can educate users about phishing perils and perhaps make attempts to filter out rogue messages but the primary responsibility to avoid such scams lies with users.

The scam appears to rely on a game mod that allows users to post chat messages onscreen that resemble those posted ingame by developers. These messages link to a phishing website that invite users to hand over their login credentials, as explained in a blog post by GFI Software's Chris Boyd here.

"Keep in mind that you should NEVER give out your login credentials ingame," he warns.

The XBox phishing alert comes against the backdrop of a far more serious compromise of the PlayStation Network, which resulted in the potential exposure of the personal data of 70 million users. Sony admits that credit card information may have been compromised by the hack attack, which has left its network offline for days. Sony said credit card data was encrypted. However the names, addresses, email addresses and dates of birth of gamers have been confirmed to have been exposed, which is bad enough on its own. ®

High performance access to file storage

More from The Register

next story
Report: Apple seeking to raise iPhone 6 price by a HUNDRED BUCKS
'Well, that 5c experiment didn't go so well – let's try the other direction'
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Nvidia gamers hit trifecta with driver, optimizer, and mobile upgrades
Li'l Shield moves up to Android 4.4.2 KitKat, GameStream comes to notebooks
AMD unveils Godzilla's graphics card – 'the world's fastest, period'
The Radeon R9 295X2: Water-cooled, 5,632 stream processors, 11.5TFLOPS
Sony battery recall as VAIO goes out with a bang, not a whimper
The perils of having Panasonic as a partner
NORKS' own smartmobe pegged as Chinese landfill Android
Fake kit in the hermit kingdom? That's just Kim Jong-un-believable!
Gimme a high S5: Samsung Galaxy S5 puts substance over style
Biometrics and kid-friendly mode in back-to-basics blockbuster
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.