In terms of ASL, A and S are also not part of your profile, although if you choose an avatar that matches your sex, someone who sees it will guess it's like you. (I don't have a location listed in my profile. I rarely play online and almost always only with RL friends; pretty much if I'm playing with/against you, you already know my location.)

Same thing applies to your gamertag: if you are female and choose a gamertag that is even vaguely female, some people will assume you're female, and I would guess if you play online, it'll attract the droolbots, especially if you say something. (As a guy with cool friends, I can't vouch for this from personal experience, only from second-hand knowledge.)

Which sucks for those of us who actually prefer a balanced gaming environment. I don't think women should have to keep silent just so the droolbots aren't constantly proposing to them or using derogatory terms about the women who are repeatedly killing them in COD or Halo or whatever.

Oh yes, I also have Viva Piñata, and I do like it! I haven't played it in a while, though. Too many other games ...

She didn't make up anything. You can have multiple gamer tags - I used to have 3, I now have 2 - and all of them come with their own reporting capability. I'm not sure what existing policy you think that is being broken. You can send a report about any communication you like.

The CSR knows that the report will be filed and followed up on, she was giving him a hint as to how it might move faster since he seemed to think his should be the top priority. Frankly, it's a pretty lame phishing attempt as described by the OP.

What I can't believe is that everyone believes that the obvious conclusion is that MS doesn't care about phishing and that the OP is 100% right. When MS really just doesn't have a pre-set drop-down in their reporting mechanism. Do you have any idea how many things they don't have specific things for under the drop down that go under vague headings?

You do realize that the code of conduct for XBox Live has had a long-standing rule against giving out your ID/PW to anyone for any reason, right? Or did you just state all of your "knowledge" of MS policy blind? Or maybe you think that there's a non-fraud-related reason to this policy? Frankly, it's a far-reaching fraud/cheat/boost covering rule - but why would you care about a rule that does more than one thing?

They're working on it.

As others have notated in the comments, he's on Major Nelson (Larry Hyrb Director of XBox Programming and unofficial XBox ombudsman) podcast almost every week now talking about this kind of stuff and educating people on what not to do and tell their friends about it.

The panel on XBox Live Enforcement from the Penny Arcade Expo is available in its entirety on Major Nelson's podcast feed and is a must listen for anyone concerned about this.

If the editors here sent out a request for an interview, I'm sure Stepto would be more than happy to do it as he's been on several different non-MS podcasts about these types of isues. Really MS does a lot more about this than Sony, but since MS has a 2-to-1 advantage in user base, they aren't called out about it as much.

Nintendo of course has it's stupid friend code system that limits the amount of griefing and account hacking going on because no one wants to deal with different codes per friend and different codes per game.

I have been using facebook for 3 years, and get phising emails and messages every few hours.

I have been using hotmail for 10 years, and get spam emails every few minutes

I have been using gmail since beta and get spam every few minutes.

Welcome to the internet.

Great question! Since I actually know what I'm talking about, I'll answer it. Microsoft investigates the complaints they receive, so someone can't lie and get you in trouble for something you didn't do. Additionally, people who repeatedly make unsubstantiated complaints eventually reach the point where they're more or less ignored entirely.

Hello Kim,
 
Thank you for contacting Microsoft online support for XBOX. I am Arnold and I will be helping you today with this issue.
 
As I understand it, your Xbox Live account was stolen and used your Windows Live ID.
 
We are very sorry to hear that your Xbox LIVE subscription has been compromised. Due to the sensitivity of this scenario, please give us a call.
 
To help keep your account information as secure as possible, we suggest that you do not share any personal information over an Xbox Live voice chat or game session. We have determined that this is the primary method by which customer accounts have been compromised.

@dvddesign: I dont use live but the math seems correct on MS's side. 1600 for $20 is 80 points per dollar. 1000 for $12.50 also works out to 80 points per dollar. confusing but equal

Love my Xbox Live, and the guys over in Redmond do some great work, but their phone support is a steaming pile of shit

Then again, this is a company that took 4 years to stabilize their hardware, is still unable to disconnect an account with an associated credit card, and created their own monetary system that purposely uses an obtuse valuation of points per dollar with uneven pricing based on your point of purchase. (ie 1600 points for $20 in a store, or 1000 points for $12.50 online?). It's amazing they've found any traction in the industry and if not for all the ease of development for publishers, MS should be out of business.

The only issue here is that microsoft doesn't have a way to file complaints for fishing attempts. But that most likely won't save many. As the people who give up their account info would lose access to their accounts before they can file a complaint.

I think the OP is just trying to add a little extra drama to a true situation. Microsoft knows about phishing and they are probably working on it. There isnt much they can do and its not like they can just add an option into the dash without extensive testing. They dont want to break Xbox Live so you can report someone.

As for me, I've been on Live since 2002 (beta tester). I've never once gotten a phishing message. Must be lucky I guess.

@katstermonster: Glad to oblidge : ) I changed the password on the account too, I have no idea if this person still plays or not, but they aren't going to be able to log in.

It had a physical address listed on the account as well, I would do evil things with that (legal, evil things.) but I have no way of knowing if that isn't some innocent person's address as well.

I'm banking on that either they had you on mute, had their volume set to minimum or were just ignoring you.

He knew she couldn't help him, he just wanted to take out his frustration on someone. I'm not saying her lying was okay, but how long had he been badgering her about an issue he knew she couldn't help him with before she started saying whatever she could to get him off the phone.

OP's an ass, and I don't blame her for grasping at straws to get rid of him.

@Rask: Can they really? That's so awesome. SO awesome.

@Kimaroo - 20% More Kitty Added!: LOL. Rock on...that totally made my day!

@Knippschild: Heh, and now the internet isn't fast enough for some people!

Microsoft does investigate all of the complaints they receive via Xbox Live; it really is the best way to report this kind of thing. They will read the message, and they will take action. Usually that involves banning the gamertag or even banning the console the message was sent from. They also work proactively to detect phishers, and they warn users via text messages on Xbox Live and in-game messages (anyone who plays Halo 3 knows that your password will NOT get you Recon armor). I've also heard Stepto on several different gaming podcasts warning people about phishing and talking about how they handle it.

No, Microsoft doesn't turn a blind eye to phishing. That's a complete misrepresentation of reality. I won't call it a lie, because I believe that you honestly don't know what you're talking about.

@oceanstate: They shouldn't be making up responses, especially not ones that ultimately mean the client breaking the TOS. The first thing I was EVER taught when I worked in a call center? Do. Not. Make. Things. Up. Don't do it. You will get caught. You will look stupid. The client will be pissed. If you don't know something, ask. If the client isn't happy with your response, be sugary sweet and move on.

And if the CSR wasn't lying to him, why'd she offer him a solution that conflicted with the TOS, then hang up when he confronted her on it?

Oh.. And when Microsoft ascertain that someone is a phisher, they normally ban the account AND the console. Meaning that the person doing the phishing has to buy a new 360 and register a new account just to get started again.

The phishing going on thruogh the web however is another story.

@Brain.wav: +1 because mouth-breather is my favorite phrase. And so descriptive...

@logicalnoise: Great info...kudos on being the first post.

In my 5 years of XBL I have never had this problem...

...however this is like tackling all those emails I get from foreign dignitaries who want me to help them transfer some funds. Or the gold spammers in WoW.

All you can do is block or report the spammer/phisher. You'll never get rid of them - XBL, email, what have you. Just because XBL doesn't have "Crucify this phisher" button doesn't mean the problem is being ignored, it's just much harder and larger to tackle than one would think.

The Xbox response to phishing has been as good as some banks as far as I'm noticing. The issue is that their CSR policies regaring phone-in questions are build to avoid as much social engineering as possible.

MS has a vested interest in making Xbox Live as safe and enjoyable as possible, I'm positive they are working as hard as they can to make this happen. (I've also listened to Stepto talk about what his team does a couple of times through podcasts and online, they are smart people fighting a really hard battle against scammers. )

I find it hilarious that the Consumerist will run this type of phishing story against Microsoft to cast them in a bad light and anytimes phishing is mentionned in another story, they use it to attempt to educate people.

A long while back, somewhere between 2006 and 2007 MS actually did a large training initiative where everyone in customer service was retrained about how to spot a scam, and who not to give account info to in order to protect account holders.

In lieu of calling the 800 number when you get a phishing email, first report them in game. It doesn't really matter what for - probably abusive communication. The point here is to draw attention to them. The team in charge of enforcing the TOS will have a look at their account, see the suspicious activity, and shut them down.

Additionally, you may want to post info about the experience on the Xbox.com forums so other users can be aware of the issue. You might help someone else avoid having their account stolen.

Lastly, if all else fails, contact Stephen Toulouse. He's the Director of Policy and Enforcement for Xbox LIVE, and an all around good guy. shoot him a message on twitter [twitter.com] and chances are he'll help you out.

Like I said, it's not that MS doesn't care, it's just that calling the 800 number isn't the right way to get anything done.

I got an email to an email account not associated with my xbox account the other day. It said something along the lines of thanks for using your visa card please click the link below to verify your account for your 300 ms points. I remember I also got something like that for 1 vs 100.
Almost got me because I did take part in the visa promo. I set up my live account username as something different than my xbox username though.

Also there is a guy who plays aegis wings who will send you a message to help you get achievement points. By help he means let him have you password so he can get them for you. I've reported him 3 times. Don't know if he still plays.

He sounds a little young, so I wouldn't be surprised if it is a parental control setting. I'm not sure how that works though as I never navigated through those screens.

Yes, you can. But in doing so you are sacrificing the ability to get messages from people you might want to in response to an issue that should addressed by MS.

Asking someone to limit their experience for something that should be fixed isn't the answer.

The option is there for people who want it. But for people who might want to hear from a guy they just spent an afternoon playing with don't want to turn the option off to fix MS's issue.

Your example would be like telling someone to just not use their air conditioning in their car because it makes an annoying squeal. Sure, turning off the air doesn't prevent you from using the car, and eliminates the annoyance, but it eliminates a feature in order to resolve an issue that should be fixed.

Once they take over an account, they use it to send a phishing message to all that account's friends. It spread pretty quickly.

But I did find it funny that everyone said their accounts were "hacked". It's not hacking if you give someone your password!

One of the ones posted recently was from somebody whose 'friend' seemed to know a lot of different gamertags and passwords, when suddenly their console couldn't connect to Live. They got banned (permanently) from connecting to Live for benefiting from phishing.

What was she supposed to do? Go personally beat up the phisher?!?

@Brain.wav: I think even worse was in NHL 09, we used to play team games...and the other team's audio would start coming across...we'd be sitting there listening to them talk smack about us in Czech or German...very frustrating.

@Mike8813: I long to play Viva Pinata. I've heard that it's really fun. I will have to buy it for PC though, when the price is right.

I didn't think that gamertags were user-searchable... Are they? Is it like the old AOL in that you can search for female/age, and then stalk them? We never figured that one out.

@LJKelley: Also, might I add. This heading/title is 100% false and you have no proof other than hearsay. The fact is Microsoft does have a reporting tool, granted not a perfectly up to date tool. But just even a minor investigation would show that Major Nelson and others are aware and that updates are planned to address this. To claim this is a 'blind eye' is pure blogging FAIL.

Unfortunately this Phishing on the Xbox 360 is new. I've never have gotten one. Obviously I dare mention its against the terms to cheat, so someone who complies with their requests deserves their account taken away.

But beyond that, reporting them with what options you currently have is the best you can do. Receiving 3 in a day, just shows you cant expect to call and report all of them over the phone. Report them, and yes the more reports a gamertag gets the faster I assume someone will investigate them.

Xbox customer service regarding fraud is horrible. I emailed them asking them to shut down an account made under one of my email addresses (As in, somebody out there created an Xbox live account with their name and everything, but used my email address instead of theirs.) and they sent me an email back saying something similar to "We're sorry your Xbox live account was hacked; don't give out your password online, stupid."

So I took matters into my own hands, and had Xbox send the password for the account to me. Then I changed the email associated with the account to a mailinator account. THEN I figured out how to close the Windows Live account associated with my email address (it was a gmail address.)

So it may have bee an honest typo on the guy's part but I still think it was a scummy thing to do, and Xbox was NO help whatsoever.

"No no, I don't want to play Team SWAT"

"*switches* Okay is this one okay? --- Hello? Uh? Hello"

"I'm so excited to play!"

I'm guessing it's parental control setting that sets you can communicate with you in-game and in-console (messages, etc).

Also, Stepto has said that his team DOES read the forums. They don't reply to each thread, but they do read the forums. It's also possible they reach out to forumites via email rather than replying to the threads (i dont have any source for this, just a theory)

As for the CSR, he wasn't lying. Report them for cheating might be the "most accurate" way to describe what they are trying to do. They are trying to exploit users gaming credentials for personal gain. So, until there's a phishing option, perhaps that really is the best, most accurate report description.

The CSR who told you to make multiple accounts. Either that's completely BS, but for the sake of argument, I will say it's not. In that case, the CSR absolutely had no idea what she was talking about. Registering multiple accounts to report a user is against the terms of service. Even telling all your friends to file a complaint on a person is against the Terms of Service. This will actually also be a new report option (asking friends to report needlessly)

Also, it doesn't matter if one person or 500 people report a user. All reports get consolidated into one that is later reviewed by the team. So registering many accounts to do this would do nothing.

Your best bet is just to block all communications and keep on reporting.

I'm not seeing the MS responses as saying they don't care. I'm seeing them as saying they are working on the issue and plan to have a way to report it soon. I get that you think it's not fast enough, but there's no evidence they are lying.

/not 100% sure, but I've never had a phishing scam in the 5 years I've had the Live service.