Videogames: January 2009 Archives

How Old?

| | Comments (1)
This XBox Live phish attempt caught my eye:

flu0.gif
Click to Enlarge

It's a lot better looking than many of the others I see, and the phisher took the time to make a fake screenshot to impress you with all the fake money he (doesn't) have. The most interesting thing about it for me is that it references another domain ("Runeflux.com"). Usually they're pretty anonymous.

Anyway, I decided to check out the domain - there's nothing there, could it have been taken down? Well, a quick search later and we have this (rather well edited) Youtube video. Apparently the domain simply hosted the same phishing page, so yes - it's a fair bet someone had it taken offline.

The important part is when you check out the profile of the person who owns the account:


flu3.gif

Yes, our phishing friend is only 14. I've had quite a bit of experience researching people at the younger end of the age spectrum involved in this sort of thing, and I have to say the basic mechanics of "how to phish" are all in place with this kid.....slick websites, Youtube promotion, little touches like fake screenshots....it's all there.

Worrying, isn't it?

Anyway, the URL to avoid here is

h1.ripway.com/microsoftpointsgen/
There are many Microsoft XBox Live scams out there - many involve increasingly sophisticated "fake points generators" (which claim to produce "free" Microsoft points used to purchase downloads and other items, only to steal your login details).

However, some are so amazingly breathtaking with regards what they ask the end-user to do, it's somewhat miraculous anybody would actually fall for them.

This is one such scam, currently doing the rounds on Youtube. Our video begins:

dup1.jpg

...wait, how to duplicate the Microsoft points you already paid for? Wow. That's going to be pretty impressive. First though, we need to throw in some cod-technical speak to confuse the masses and make this seem more legit:

dup2.jpg

Yep, that'll do it. Poor old "Microsoft generator", whatever that is. It goes on:

"To do this, you'll need the following items..."


dup3.jpg

Must be an "unused card" (in other words, one that you've already purchased), eh? I wonder why. Let's see where this goes....

dup4.jpg

...EMail? They're not going to ask people to do what I think they're going to ask them to do, are they?

dup5.jpg

...whoops, they are. In a nutshell, you run out, buy your Microsoft points, then EMail a random stranger your (unused) code, along with some more cod-technical nonsense in the body of the mail that supposedly makes this "generator" create a duplicate of your unused code. You then presumably skip into the Sunset, armed with twice the points you started out with and go on a massive spending spree.

The alternate theory would be that you buy a code, then EMail it to a random stranger and they simply use it for free, at your own expense, leaving you with nothing.

Surely not...!
We've heard reports of a couple of these websites currently doing the rounds - they call themselves "Microsoft Points Heaven", and usually sit on free hosting domains. They promise you "free" Microsoft points, then ask you to enter your Live login details. At that point, your data has been stolen.

mph1.jpg
Click to Enlarge

If you check the code, you can see you're not "signing in to XBox Live" at all - you're entering your information into a standard submission form, which will send the information you enter directly to the site owner.

wfrm.jpg

The last URL we saw this scam residing at was

microsoftpointheaven.weebly.com

which is now offline. It will no doubt resurface somewhere else, so be on your guard...

Pages

About this Archive

This page is a archive of entries in the Videogames category from January 2009.

Videogames: December 2008 is the previous archive.

Videogames: February 2009 is the next archive.

Find recent content on the main index or look in the archives to find all content.