var json_comments = new Array("

$\"user-pic\"$

October 6, 2009 3:21 PM

Moderate | Flag for review

On Sunday Stepto the head of The Xbox live policy team said that they are indeed looking into it and specifically trying to make in console messages reportable. For now he said to email him at stepto[at]xbox.com(I think that's his email). He will pass any reports on to his staff for investigation. Also I recommend listening to the recent PAX podcast of the Major Nelson podcast it has the entirety of Stepto's panel at PAX on Xbox live policing and security.

4 replies

$\"user-pic\"$

October 6, 2009 5:28 PM

Moderate |Flag for review

@logicalnoise: Great info...kudos on being the first post.

$\"user-pic\"$

October 6, 2009 3:22 PM

Moderate |Flag for review

@logicalnoise: Also he says they monitor all scams on xbox live. Anotehr option is to make a thread on the offcial xbox forums(his staff monitors them all day).

$\"user-pic\"$

October 6, 2009 5:04 PM

Moderate |Flag for review

@logicalnoise: Good information, I am glad you got first post so people can see this.

$\"user-pic\"$

Miraluka

October 6, 2009 5:03 PM

Moderate |Flag for review

@logicalnoise: Right. He and his team are \"taking it very seriously.\"

$\"user-pic\"$

October 6, 2009 5:43 PM

Moderate |Flag for review

@Miraluka: if you listen to the podcast featuring the PAX panel you'd know that 95% of their jobs is analyzing user behavior and reacting appropriately. This is a new behavior and they are reacting appropriately. They already have a tool in the works for the next dash update and there are numerous ways of reporting phishing scams outside of the console environment.

","","

$\"user-pic\"$

custommadescare

October 6, 2009 3:27 PM

Moderate |Flag for review

Correct me if I'm wrong, but can't you limit your online correspondence to only the people that you are friends with?

/not 100% sure, but I've never had a phishing scam in the 5 years I've had the Live service.

10 replies

$\"user-pic\"$

October 6, 2009 4:49 PM

Moderate |Flag for review

@custommadescare:

Yes, you can. But in doing so you are sacrificing the ability to get messages from people you might want to in response to an issue that should addressed by MS.

Asking someone to limit their experience for something that should be fixed isn't the answer.

The option is there for people who want it. But for people who might want to hear from a guy they just spent an afternoon playing with don't want to turn the option off to fix MS's issue.

Your example would be like telling someone to just not use their air conditioning in their car because it makes an annoying squeal. Sure, turning off the air doesn't prevent you from using the car, and eliminates the annoyance, but it eliminates a feature in order to resolve an issue that should be fixed.

$\"user-pic\"$

custommadescare

October 6, 2009 5:46 PM

Moderate |Flag for review

@Murph1908: I thought friend requests were separate from the voice and messaging system though. I know I've gotten requests from people that I've never even gamed with before.

@Knippschild: Heh, and now the internet isn't fast enough for some people!

$\"user-pic\"$

October 6, 2009 4:30 PM

Moderate |Flag for review

@custommadescare: Once they phish one of your friends, they will use his account to send you phishing messsages. It spreads like wildfire once they get a toehold.

$\"user-pic\"$

October 6, 2009 3:47 PM

Moderate |Flag for review

@custommadescare: Yes, you can. I've got messages (and voice) set to friends-only. I catch a lot of flak on forums for it, but I frankly don't feel like listening to an idiot 12 year old trash talk me in Soul Calibur, or some mouth-breather playing Rock Band.

$\"user-pic\"$

October 6, 2009 5:29 PM

Moderate |Flag for review

@Brain.wav: +1 because mouth-breather is my favorite phrase. And so descriptive...

$\"user-pic\"$

October 6, 2009 3:51 PM

Moderate |Flag for review

@Brain.wav: I'm right there with you. Even more annoying though are the people with broken mics that don't know it. I've had to leave sessions because of it.

$\"user-pic\"$

custommadescare

October 6, 2009 3:40 PM

Moderate |Flag for review

@custommadescare: Oh, and why would you trust some alleged online gamer for cheats when you can easily find walkthroughs and cheats online?

$\"user-pic\"$

October 6, 2009 3:45 PM

Moderate |Flag for review

@custommadescare: people as a whole are very naive. And they want a quick fix.

$\"user-pic\"$

October 6, 2009 3:39 PM

Moderate |Flag for review

@custommadescare: I'm really not sure, but I've seen this happen before. This guy was in game chat, and i could hear him, but he wouldn't respond to me, or even acknowledge i was saying anything.

\"No no, I don't want to play Team SWAT\"

\"*switches* Okay is this one okay? --- Hello? Uh? Hello\"

\"I'm so excited to play!\"

I'm guessing it's parental control setting that sets you can communicate with you in-game and in-console (messages, etc).

$\"user-pic\"$

Kogenta

October 6, 2009 3:58 PM

Moderate |Flag for review

@Knippschild: I think they may just have had you muted... If you set com to friends only, doesn't it block your ability to send com to everyone else in game as well?

$\"user-pic\"$

October 6, 2009 4:57 PM

Moderate |Flag for review

@Kogenta: I don't think so. This kid keeps sending me party invites and game invites.

He sounds a little young, so I wouldn't be surprised if it is a parental control setting. I'm not sure how that works though as I never navigated through those screens.

$\"user-pic\"$

Kogenta

October 6, 2009 6:00 PM

Moderate |Flag for review

@Knippschild: I'm pretty sure that if parental controls are set to block non-friend voice chat, it's blocked in both directions. A quick glance over at the XBL pages says voice and text chat only has 3 settings. Allowed, Friends Only, or Blocked.

I'm banking on that either they had you on mute, had their volume set to minimum or were just ignoring you.

","

$\"user-pic\"$

October 6, 2009 3:35 PM

Moderate |Flag for review

I'm not seeing the MS responses as saying they don't care. I'm seeing them as saying they are working on the issue and plan to have a way to report it soon. I get that you think it's not fast enough, but there's no evidence they are lying.

4 replies

$\"user-pic\"$

October 6, 2009 5:31 PM

Moderate |Flag for review

@oceanstate: They shouldn't be making up responses, especially not ones that ultimately mean the client breaking the TOS. The first thing I was EVER taught when I worked in a call center? Do. Not. Make. Things. Up. Don't do it. You will get caught. You will look stupid. The client will be pissed. If you don't know something, ask. If the client isn't happy with your response, be sugary sweet and move on.

And if the CSR wasn't lying to him, why'd she offer him a solution that conflicted with the TOS, then hang up when he confronted her on it?

$\"user-pic\"$

October 6, 2009 6:00 PM

Moderate |Flag for review

@katstermonster: MS doesn't have a system in place to deal with this stuff yet, he knew that, and yet he called up to be belligerent (by his own admission!) with some poor CSR who he knows has no control over this problem.

He knew she couldn't help him, he just wanted to take out his frustration on someone. I'm not saying her lying was okay, but how long had he been badgering her about an issue he knew she couldn't help him with before she started saying whatever she could to get him off the phone.

OP's an ass, and I don't blame her for grasping at straws to get rid of him.

$\"user-pic\"$

October 6, 2009 7:29 PM

Moderate |Flag for review

@JennQPublic: To clarify, my idea of \"grasping at straws\" may include the following appropriate responses: direct the client to another department, direct the client to your manager, direct the client to a complaint form. She has every right to send him down a useless path (and trust me, sometimes it's the only way to get rid of this type of caller...the redirect!), she doesn't have a right to make stuff up that conflicts with existing policies.

$\"user-pic\"$

Stephmo

October 7, 2009 2:21 PM

Moderate |Flag for review

@katstermonster: So because this guy is the Veruca Salt of the Xbox Live world demanding that his report be followed up NOW - and the CSR is telling him how to file multiple reports for an incident that led to nothing - it's \"grasping at straws?\"

She didn't make up anything. You can have multiple gamer tags - I used to have 3, I now have 2 - and all of them come with their own reporting capability. I'm not sure what existing policy you think that is being broken. You can send a report about any communication you like.

The CSR knows that the report will be filed and followed up on, she was giving him a hint as to how it might move faster since he seemed to think his should be the top priority. Frankly, it's a pretty lame phishing attempt as described by the OP.

What I can't believe is that everyone believes that the obvious conclusion is that MS doesn't care about phishing and that the OP is 100% right. When MS really just doesn't have a pre-set drop-down in their reporting mechanism. Do you have any idea how many things they don't have specific things for under the drop down that go under vague headings?

You do realize that the code of conduct for XBox Live has had a long-standing rule against giving out your ID/PW to anyone for any reason, right? Or did you just state all of your \"knowledge\" of MS policy blind? Or maybe you think that there's a non-fraud-related reason to this policy? Frankly, it's a far-reaching fraud/cheat/boost covering rule - but why would you care about a rule that does more than one thing?

$\"user-pic\"$

October 6, 2009 7:26 PM

Moderate |Flag for review

@JennQPublic: I do blame her. She's a CSR, she has to deal with belligerent people every day, she needs to suck it up and do it correctly. And by my standards (and I've worked in IT customer service for 3.5 years now), he was barely scraping the surface of belligerent. Not saying it's okay for him to call up and be a jerk to someone he knows doesn't have control over it, but she is expected to deal with this every day, and she knew that when she took the job. She should also have been taught to not lie and not make things up. The end.

$\"user-pic\"$

October 6, 2009 4:19 PM

Moderate |Flag for review

@Knippschild: The CSR was most likely just trying to give the OP something to do. There's really nothing that can be done at this point, so she was reaching for anything that would get him off the phone.

What was she supposed to do? Go personally beat up the phisher?!?

$\"user-pic\"$

October 6, 2009 4:53 PM

Moderate |Flag for review

@JennQPublic: No. She was supposed to not provide advice that would result in the user breaking the terms of service..

","

$\"user-pic\"$

October 6, 2009 3:36 PM

Moderate |Flag for review

Well first off, as logicalnoise pointed out, Stephen Toulouse (sp?) who is in charge of policy enforcement (and possibly user operations?) said that next update there WILL be an added option to the report screen for phishing. Please keep in mind that you cannot add a report option for every possible reportable situation.

Also, Stepto has said that his team DOES read the forums. They don't reply to each thread, but they do read the forums. It's also possible they reach out to forumites via email rather than replying to the threads (i dont have any source for this, just a theory)

As for the CSR, he wasn't lying. Report them for cheating might be the \"most accurate\" way to describe what they are trying to do. They are trying to exploit users gaming credentials for personal gain. So, until there's a phishing option, perhaps that really is the best, most accurate report description.

The CSR who told you to make multiple accounts. Either that's completely BS, but for the sake of argument, I will say it's not. In that case, the CSR absolutely had no idea what she was talking about. Registering multiple accounts to report a user is against the terms of service. Even telling all your friends to file a complaint on a person is against the Terms of Service. This will actually also be a new report option (asking friends to report needlessly)

Also, it doesn't matter if one person or 500 people report a user. All reports get consolidated into one that is later reviewed by the team. So registering many accounts to do this would do nothing.

Your best bet is just to block all communications and keep on reporting.

2 replies

$\"user-pic\"$

October 6, 2009 6:46 PM

Moderate |Flag for review

@Knippschild: Im also a bit skeptical on the make multiple accounts. You cant report someone unless you were in a game with them or they sent a msg to that specific account so even if you made a million gold accounts you could still only report them on the original that got the message.

I think the OP is just trying to add a little extra drama to a true situation. Microsoft knows about phishing and they are probably working on it. There isnt much they can do and its not like they can just add an option into the dash without extensive testing. They dont want to break Xbox Live so you can report someone.

As for me, I've been on Live since 2002 (beta tester). I've never once gotten a phishing message. Must be lucky I guess.

$\"user-pic\"$

October 6, 2009 5:58 PM

Moderate |Flag for review

@Knippschild: It's only the most accurate way because they've got nothing that is accurate in dealing with a pretty widespread situation, though. It's simply a \"least worst\" option.

","","","","","

$\"user-pic\"$

Kimaroo - 100% Pure Natural Kitteh

October 6, 2009 3:48 PM

Moderate |Flag for review

Xbox customer service regarding fraud is horrible. I emailed them asking them to shut down an account made under one of my email addresses (As in, somebody out there created an Xbox live account with their name and everything, but used my email address instead of theirs.) and they sent me an email back saying something similar to \"We're sorry your Xbox live account was hacked; don't give out your password online, stupid.\"

So I took matters into my own hands, and had Xbox send the password for the account to me. Then I changed the email associated with the account to a mailinator account. THEN I figured out how to close the Windows Live account associated with my email address (it was a gmail address.)

So it may have bee an honest typo on the guy's part but I still think it was a scummy thing to do, and Xbox was NO help whatsoever.

4 replies

$\"user-pic\"$

October 6, 2009 6:47 PM

Moderate |Flag for review

@Kimaroo - 20% More Kitty Added!: Yes I'm sure they called you stupid...

$\"user-pic\"$

Kimaroo - 100% Pure Natural Kitteh

October 6, 2009 8:50 PM

Moderate |Flag for review

@parad0x360: Not specifically, no, but they might as well have. I sent them an email saying that someone had created an Xbox live account using my email address and they responded with this:

Hello Kim,

Thank you for contacting Microsoft online support for XBOX. I am Arnold and I will be helping you today with this issue.

As I understand it, your Xbox Live account was stolen and used your Windows Live ID.

We are very sorry to hear that your Xbox LIVE subscription has been compromised. Due to the sensitivity of this scenario, please give us a call.

To help keep your account information as secure as possible, we suggest that you do not share any personal information over an Xbox Live voice chat or game session. We have determined that this is the primary method by which customer accounts have been compromised.

It goes on from there. This response makes me wonder if they even read my email at all. It sounds very dismissive and condescending to me. I don't have an Xbox live account or even an xbox at all. I was very clear in my email to them as to what the problem was and they responded with a lecture.

$\"user-pic\"$

October 6, 2009 5:52 PM

Moderate |Flag for review

@Kimaroo - 20% More Kitty Added!: LOL. Rock on...that totally made my day!

$\"user-pic\"$

Kimaroo - 100% Pure Natural Kitteh

October 6, 2009 6:44 PM

Moderate |Flag for review

@katstermonster: Glad to oblidge : ) I changed the password on the account too, I have no idea if this person still plays or not, but they aren't going to be able to log in.

It had a physical address listed on the account as well, I would do evil things with that (legal, evil things.) but I have no way of knowing if that isn't some innocent person's address as well.

","

$\"user-pic\"$

LJKelley

October 6, 2009 3:49 PM

Moderate |Flag for review

Unfortunately this Phishing on the Xbox 360 is new. I've never have gotten one. Obviously I dare mention its against the terms to cheat, so someone who complies with their requests deserves their account taken away.

But beyond that, reporting them with what options you currently have is the best you can do. Receiving 3 in a day, just shows you cant expect to call and report all of them over the phone. Report them, and yes the more reports a gamertag gets the faster I assume someone will investigate them.

5 replies

$\"user-pic\"$

October 6, 2009 4:24 PM

Moderate |Flag for review

@LJKelley: A few people in my clan (shout out to Tactical Gaming!) got suckered in by the Modern Warfare 2 Beta phish a few months ago. That was the first I'd ever heard of it.

Once they take over an account, they use it to send a phishing message to all that account's friends. It spread pretty quickly.

But I did find it funny that everyone said their accounts were \"hacked\". It's not hacking if you give someone your password!

$\"user-pic\"$

October 6, 2009 4:20 PM

Moderate |Flag for review

@LJKelley: And even more on this. Having a read through the Xbox Account Suspensions forum where those who have been banned post all their 'but I didn't do anything wrong!' messages can be entertaining, and shows that Microsoft actually does pay attention.

One of the ones posted recently was from somebody whose 'friend' seemed to know a lot of different gamertags and passwords, when suddenly their console couldn't connect to Live. They got banned (permanently) from connecting to Live for benefiting from phishing.

$\"user-pic\"$

October 6, 2009 4:08 PM

Moderate |Flag for review

@LJKelley: no MS gets all reports in the order they get them and any multiple reports just get lumped into the same file and they read them all at once. 1 report works as well as 100.

$\"user-pic\"$

LJKelley

October 6, 2009 3:51 PM

Moderate |Flag for review

@LJKelley: Also, might I add. This heading/title is 100% false and you have no proof other than hearsay. The fact is Microsoft does have a reporting tool, granted not a perfectly up to date tool. But just even a minor investigation would show that Major Nelson and others are aware and that updates are planned to address this. To claim this is a 'blind eye' is pure blogging FAIL.

$\"user-pic\"$

Trai_Dep

October 6, 2009 5:51 PM

Moderate |Flag for review

@LJKelley: Phishing has been around for eons. For Microsoft not to have something in place now is malpractice. Or simply not caring about their customers.
Or (OMG!) the children!

","","","

$\"user-pic\"$

Mike8813

October 6, 2009 3:56 PM

Moderate |Flag for review

The only unsolicited messages I've seen were ones that my wife got a couple of years back. Some guy we'd never heard of started sending her valuable pinatas in Viva Pinata, and filling her inbox with messages. (Yes, I played a game called Viva Pinata)

I didn't think that gamertags were user-searchable... Are they? Is it like the old AOL in that you can search for female/age, and then stalk them? We never figured that one out.

6 replies

$\"user-pic\"$

October 6, 2009 5:02 PM

Moderate |Flag for review

@Mike8813:
Nothing wrong with playing Viva Pinata, I own both games and I'll be damned if it isn't fun as hell!

$\"user-pic\"$

October 6, 2009 4:27 PM

Moderate |Flag for review

@Mike8813: I don't think they're searchable, but once they find out you are female, some bored guys will follow you around. Forever.

$\"user-pic\"$

October 7, 2009 11:27 PM

Moderate |Flag for review

@JennQPublic: I also don't believe profiles are searchable, plus there are Facebook-like levels (insert joke here) of privacy for your profile: everyone, friends only, and nobody.

In terms of ASL, A and S are also not part of your profile, although if you choose an avatar that matches your sex, someone who sees it will guess it's like you. (I don't have a location listed in my profile. I rarely play online and almost always only with RL friends; pretty much if I'm playing with/against you, you already know my location.)

Same thing applies to your gamertag: if you are female and choose a gamertag that is even vaguely female, some people will assume you're female, and I would guess if you play online, it'll attract the droolbots, especially if you say something. (As a guy with cool friends, I can't vouch for this from personal experience, only from second-hand knowledge.)

Which sucks for those of us who actually prefer a balanced gaming environment. I don't think women should have to keep silent just so the droolbots aren't constantly proposing to them or using derogatory terms about the women who are repeatedly killing them in COD or Halo or whatever.

Oh yes, I also have Viva Piñata, and I do like it! I haven't played it in a while, though. Too many other games ...

$\"user-pic\"$

Kimaroo - 100% Pure Natural Kitteh

October 6, 2009 3:59 PM

Moderate |Flag for review

@Mike8813: I long to play Viva Pinata. I've heard that it's really fun. I will have to buy it for PC though, when the price is right.

$\"user-pic\"$

October 6, 2009 4:09 PM

Moderate |Flag for review

@Kimaroo - 20% More Kitty Added!: it's 50% virtual pet and 50% zen garden. Lots of fun but ironically i stopped playing because I was too busy with other stuff.

$\"user-pic\"$

Mike8813

October 6, 2009 4:01 PM

Moderate |Flag for review

@Kimaroo - 20% More Kitty Added!: Be warned, it's insanely addictive. Beneath the cutesy exterior is a great game, trust me. I think both the original and the sequel can be had for $20 each, so give it a shot!

","","","","","","

$\"user-pic\"$

October 6, 2009 4:11 PM

Moderate |Flag for review

@Brain.wav: I think even worse was in NHL 09, we used to play team games...and the other team's audio would start coming across...we'd be sitting there listening to them talk smack about us in Czech or German...very frustrating.

","","","","","","","","","","","","

$\"user-pic\"$

corinthos

October 6, 2009 5:05 PM

Moderate |Flag for review

I got an email to an email account not associated with my xbox account the other day. It said something along the lines of thanks for using your visa card please click the link below to verify your account for your 300 ms points. I remember I also got something like that for 1 vs 100.
Almost got me because I did take part in the visa promo. I set up my live account username as something different than my xbox username though.

Also there is a guy who plays aegis wings who will send you a message to help you get achievement points. By help he means let him have you password so he can get them for you. I've reported him 3 times. Don't know if he still plays.

","

$\"user-pic\"$

October 6, 2009 5:09 PM

Moderate |Flag for review

the problem here isn't that MS doesn't care about phishing, the problem is that their customer service number is of no use to anyone.

A long while back, somewhere between 2006 and 2007 MS actually did a large training initiative where everyone in customer service was retrained about how to spot a scam, and who not to give account info to in order to protect account holders.

In lieu of calling the 800 number when you get a phishing email, first report them in game. It doesn't really matter what for - probably abusive communication. The point here is to draw attention to them. The team in charge of enforcing the TOS will have a look at their account, see the suspicious activity, and shut them down.

Additionally, you may want to post info about the experience on the Xbox.com forums so other users can be aware of the issue. You might help someone else avoid having their account stolen.

Lastly, if all else fails, contact Stephen Toulouse. He's the Director of Policy and Enforcement for Xbox LIVE, and an all around good guy. shoot him a message on twitter [twitter.com] and chances are he'll help you out.

Like I said, it's not that MS doesn't care, it's just that calling the 800 number isn't the right way to get anything done.

","

$\"user-pic\"$

Rask

October 6, 2009 5:14 PM

Moderate |Flag for review

The Xbox response to phishing has been as good as some banks as far as I'm noticing. The issue is that their CSR policies regaring phone-in questions are build to avoid as much social engineering as possible.

MS has a vested interest in making Xbox Live as safe and enjoyable as possible, I'm positive they are working as hard as they can to make this happen. (I've also listened to Stepto talk about what his team does a couple of times through podcasts and online, they are smart people fighting a really hard battle against scammers. )

I find it hilarious that the Consumerist will run this type of phishing story against Microsoft to cast them in a bad light and anytimes phishing is mentionned in another story, they use it to attempt to educate people.

","

$\"user-pic\"$

Taliskan

October 6, 2009 5:20 PM

Moderate |Flag for review

In my 5 years of XBL I have never had this problem...

...however this is like tackling all those emails I get from foreign dignitaries who want me to help them transfer some funds. Or the gold spammers in WoW.

All you can do is block or report the spammer/phisher. You'll never get rid of them - XBL, email, what have you. Just because XBL doesn't have \"Crucify this phisher\" button doesn't mean the problem is being ignored, it's just much harder and larger to tackle than one would think.

","

$\"user-pic\"$

October 6, 2009 5:24 PM

Moderate |Flag for review

@Knippschild: No, if it was parental control, you wouldn't hear him either. He could have the voice volumne turned all the way down. Or he could just be an idiot. All things considered, the latter is probably true.

","","","

$\"user-pic\"$

Rask

October 6, 2009 5:31 PM

Moderate |Flag for review

Oh.. And when Microsoft ascertain that someone is a phisher, they normally ban the account AND the console. Meaning that the person doing the phishing has to buy a new 360 and register a new account just to get started again.

The phishing going on thruogh the web however is another story.

1 replies

$\"user-pic\"$

October 6, 2009 6:00 PM

Moderate |Flag for review

@Rask: Can they really? That's so awesome. SO awesome.

","","

$\"user-pic\"$

Cant_stop_the_rock

October 6, 2009 5:40 PM

Moderate |Flag for review

If you had bothered to contact Microsoft, or even if you had done a Google search, you'd know that Microsoft IS fighting back pretty hard against the phishers. The advice to file a complaint is good advice, though I think it makes more sense to file the complaint under the inappropriate text message category.

Microsoft does investigate all of the complaints they receive via Xbox Live; it really is the best way to report this kind of thing. They will read the message, and they will take action. Usually that involves banning the gamertag or even banning the console the message was sent from. They also work proactively to detect phishers, and they warn users via text messages on Xbox Live and in-game messages (anyone who plays Halo 3 knows that your password will NOT get you Recon armor). I've also heard Stepto on several different gaming podcasts warning people about phishing and talking about how they handle it.

No, Microsoft doesn't turn a blind eye to phishing. That's a complete misrepresentation of reality. I won't call it a lie, because I believe that you honestly don't know what you're talking about.

","","","

$\"user-pic\"$

Trai_Dep

October 6, 2009 5:49 PM

Moderate |Flag for review

Does anyone want to bet that if some scammer came up with a way to deprive Microsoft's money & time, they'd have it addressed, patched and fixed within 24 hours?
Once Microsoft has your money, they really don't care.

","","","","","","","","","","

$\"user-pic\"$

Munchie

October 6, 2009 6:49 PM

Moderate |Flag for review

All this talk makes me wonder what will happen with greifers. People who you piss off in game by beating them. So they will report you as a phisher in an attempt to get you banned.

1 replies

$\"user-pic\"$

Cant_stop_the_rock

October 6, 2009 9:40 PM

Moderate |Flag for review

Great question! Since I actually know what I'm talking about, I'll answer it. Microsoft investigates the complaints they receive, so someone can't lie and get you in trouble for something you didn't do. Additionally, people who repeatedly make unsubstantiated complaints eventually reach the point where they're more or less ignored entirely.

","

$\"user-pic\"$

October 6, 2009 6:54 PM

Moderate |Flag for review

These are not hacked accounts. The people knowingly gave their usernames and passwords away.

The only issue here is that microsoft doesn't have a way to file complaints for fishing attempts. But that most likely won't save many. As the people who give up their account info would lose access to their accounts before they can file a complaint.

","

$\"user-pic\"$

October 6, 2009 6:55 PM

Moderate |Flag for review

I find it funny that MS has been thus far, more concerned with catching achievement boosters and cheaters more than any security risks that incur real monetary loss or account compromise.

Then again, this is a company that took 4 years to stabilize their hardware, is still unable to disconnect an account with an associated credit card, and created their own monetary system that purposely uses an obtuse valuation of points per dollar with uneven pricing based on your point of purchase. (ie 1600 points for $20 in a store, or 1000 points for $12.50 online?). It's amazing they've found any traction in the industry and if not for all the ease of development for publishers, MS should be out of business.

2 replies

$\"user-pic\"$

October 6, 2009 8:48 PM

Moderate |Flag for review

@dvddesign: I dont use live but the math seems correct on MS's side. 1600 for $20 is 80 points per dollar. 1000 for $12.50 also works out to 80 points per dollar. confusing but equal

$\"user-pic\"$

October 6, 2009 7:28 PM

Moderate |Flag for review

@dvddesign: First off MS has been concerned with anyone who violates the TOS. The first wave of bannings was for modders. Now bannings can be caused by cheating, glitching, boosting, phishing, inappropriate behavior(see nude UNO). From day one xbox live was policed. HW problems aside 360 has always had a great software platform. That's why it's remained a player. good software running the system and good support from devs because of that.

","

$\"user-pic\"$

b4k4

October 6, 2009 6:58 PM

Moderate |Flag for review

The problem here isn't that they aren't doing enough to fight phishing, but that their phone support sucks. I refuse to call that outsourced crap they call support if I can avoid it.

Love my Xbox Live, and the guys over in Redmond do some great work, but their phone support is a steaming pile of shit

","","","","

$\"user-pic\"$

TheOrtega

October 6, 2009 7:53 PM

Moderate |Flag for review

Im sorry but if you give out your information to someone over the internet you deserve to be scammed. How many articles have to be written that say not to? This is a user problem 100% If I ask for your SS and credit card info on the street would you be mad at the credit card company for not protecting you?
Click ignore on the people that send you such messages and file a harassment complaint. AOL and many other services had/have the same problems. Sometimes even worse, anyone remember AOL(old school dial up only days AOL) there was a hacked IM thing-e that would send 1000 IM's in a few seconds crippling the other users computer? There is the same problem on Sony's PSN where people game share. When your loading a game in Halo or Halo ODST they explicitly tell you NOT TO give out your information!

","","","","

$\"user-pic\"$

Scazza

October 6, 2009 11:13 PM

Moderate |Flag for review

So I have been using XBL since beta, I get \"phishing\" messages about once ever month or two.

I have been using facebook for 3 years, and get phising emails and messages every few hours.

I have been using hotmail for 10 years, and get spam emails every few minutes

I have been using gmail since beta and get spam every few minutes.

Welcome to the internet.

","

$\"user-pic\"$

October 7, 2009 1:01 AM

Moderate |Flag for review

The Microsoft CSR's can't do jack didly about that kind of stuff. Best thing to do is to contact Stephen Tolouse (sp?), gamertag and Twitter name stepto, who is the head of XBox Live Enforcement. There's also special forums on XBox.com about this that are handled by Stepto's team specifically.

As others have notated in the comments, he's on Major Nelson (Larry Hyrb Director of XBox Programming and unofficial XBox ombudsman) podcast almost every week now talking about this kind of stuff and educating people on what not to do and tell their friends about it.

The panel on XBox Live Enforcement from the Penny Arcade Expo is available in its entirety on Major Nelson's podcast feed and is a must listen for anyone concerned about this.

If the editors here sent out a request for an interview, I'm sure Stepto would be more than happy to do it as he's been on several different non-MS podcasts about these types of isues. Really MS does a lot more about this than Sony, but since MS has a 2-to-1 advantage in user base, they aren't called out about it as much.

Nintendo of course has it's stupid friend code system that limits the amount of griefing and account hacking going on because no one wants to deal with different codes per friend and different codes per game.

","

$\"user-pic\"$

DustoMan

October 7, 2009 1:50 AM

Moderate |Flag for review

Just curious Consumerist? Do you do any kind of research before posting articles like this? Or do you just put these articles up to get traffic to your website? When you posted about the guy who was forced to change his profile because it mentioned he was gay, Stephen Toulouse contacted you and the person your tip came from. Maybe it's a good idea to add Director of Policy and Enforcement for Xbox LIVE to your address book for future reference.

","

$\"user-pic\"$

October 7, 2009 5:00 AM

Moderate |Flag for review

What does this person want? A live webcam feed of them dispatching a swat team to the culprit's house and beating the crap out of him?

They're working on it.

","

$\"user-pic\"$

nstonep

October 7, 2009 6:37 AM

Moderate |Flag for review

Generally speaking, Microsoft is extremely vigilant on xbox live. I would bet my money on the fact that they record every single communication from users (audio included) and store it. It's probably in the user agreement which they change frequently as well. It's probably a \"windows live\" user(s) that is cloning mac addresses which may take them a while to track down. If it's an XBOX user they can probably do it in 10 minutes.

","","");