Targeted phish frags XBox gamers
Microsoft warns Modern Warfare 2 players not to eat the 'subtle' phish
Updated Microsoft has warned users of Xbox Live to be wary of targeted phishing scams that attempt to hoodwink users into handing over their gamer tags and passwords.
Phishing, fake point generators that actually contain malware and various other forms of nastiness are nothing new in the world of online gaming. The latest scam differentiates itself because it is more carefully targeted and subtle than most such scams.
Gamers are induced to hand over their login credentials while playing the popular first-person shooter Modern Warfare 2 via "title specific messages", Microsoft warns via a status update on its Xbox Support Web site.
Users may receive potential phishing attempts via title specific messaging while playing Modern Warfare 2.
We are aware of the problem and are working to resolve the issue. We apologize for any inconvenience this may cause and thank you for your patience.
Microsoft can educate users about phishing perils and perhaps make attempts to filter out rogue messages but the primary responsibility to avoid such scams lies with users.
The scam appears to rely on a game mod that allows users to post chat messages onscreen that resemble those posted ingame by developers. These messages link to a phishing website that invite users to hand over their login credentials, as explained in a blog post by GFI Software's Chris Boyd here.
"Keep in mind that you should NEVER give out your login credentials ingame," he warns.
The XBox phishing alert comes against the backdrop of a far more serious compromise of the PlayStation Network, which resulted in the potential exposure of the personal data of 70 million users. Sony admits that credit card information may have been compromised by the hack attack, which has left its network offline for days. Sony said credit card data was encrypted. However the names, addresses, email addresses and dates of birth of gamers have been confirmed to have been exposed, which is bad enough on its own. ®
Sponsored: Data Loss Prevention & Data Theft Prevention