Xbox LIVE FIFA scam is ongoing

FIFA Scandal

For the last month or so, there have been reports of some kind of scam going on with FIFA and Xbox LIVE. Even trashy UK tabloid The Sun ran an appropriately misinformed story about “thousands” of Xbox LIVE accounts being “hacked” after users were directed to fraudulent URLs via email, and swapped their account details for free Microsoft Points (…lol).

So that looks like a pretty clear case of user stupidity, but it goes deeper – Dan Crawley of Venture Beat, a professional who’d know better than to fall victim to such an obvious tactic, managed to lose control of his account anyway. In a lengthy article, he describes what happened, and raises some troubling questions about the security of Microsoft’s network in the process.

Interestingly enough, the same thing happened last week to Geoff Burrows from NAG, who quickly resolved the matter with Microsoft, but was also left wondering how the hell it happened at all.

It’s always the same thing  – basically, the user account information is somehow acquired, and the profile is recovered on the scammer’s console. Using the real owner’s available credit card details, the scammer then buys up a bunch of Microsoft Points and blows them all on FIFA Ultimate Team trading cards.

Microsoft remains adamant this is a phishing scam, but both Dan and Geoff’s stories suggest otherwise. As Dan also points out, the way Xbox LIVE saves a user’s credit card information and allows purchases without additional security checks is probably not a good idea at all.

“All the advice given by EA and Microsoft relating to the maintenance of safe accounts certainly makes sense,” he concludes. “Choosing unusual passwords, swapping them often, and not using the same password across multiple sites is good practice, and may help to prevent hacking.

“But while it is easy to shrug these incidents off, blaming them on the security practices of affected Xbox Live users, and a number of malicious hackers, could it be that Microsoft needs to look at its own security protocol and ask if it is good enough?”



Forum discussion

Related posts

  • JC Nieuwenhuizen

    I’m definitely not daft enough to fall for a phishing scam. I’m a web and email marketing designer, so I’m usually the first one to see red flags go up when receiving a dodgy email… and yet my account has been hacked, FIFA content bought, and I’m now unable to log into my Xbox Live account while the investigation is still going on. I shared the procedure on

  • LeGeRiTy

    An unauthorized purchase 5000ms points was made on my account and it now says i play Fifa 12 in my games list?!??!
    Most people are aware of social engineering practices these days, Phishing is merely a scapegoat for MS/EA’s poor security.
    My live account has also been suspended for a month with an ongoing investigation.

  • Frans Aal

    @LeGeRiTy the exact same thing happened to me, with the exception that I already did play FIFA.