Victims hand over their Xbox Live credentials to fraudsters

Sep 10, 2012 10:07 GMT  ·  By

Researchers have stumbled upon a “freebies” website that allegedly offers 10,000 Microsoft Points, for free, to anyone. Of course, the prize is fictitious, the site’s main goal being to harvest large quantities of sensitive information.

The website – xbkfreebies.com – urges visitors to enter their Xbox Live email address and password. This is where the fun starts. Once the information is provided, the fabulous offers just keep rolling in.

The victim is asked to select the number of free Microsoft points he/she desires. It can be anything in the range of 400 to 10,000 Points.

No matter what the internaut selects, he/she is then greeted with another offer: 4,000 Microsoft Points and a 12-month Xbox Live gold membership in return for an email address.

But that’s not all. The victim is also asked to complete Silver and Gold offers and invite some friends.

Finally, a cleverly designed “processing” webpage is displayed. An animation shows that the gateway connection is established, settings are configured and applied, and the points are generated.

To make everything more genuine-looking, the website displays “testimonials” from players who have allegedly won their points. However, a closer look at the screenshots that accompany the claims clearly shows that it’s all just part of the scam.

Similar to other scams that involve all sorts of offers, no one actually wins anything, except for the individuals who run the plot.

“Our advice is to accept that something for nothing is a very hard trick to pull off, and that you’re better served saving up instead. At worst, you won’t end up handing over your login credentials to complete strangers. At best, you’ll have a new game and some change left over for that gold plated yacht you always wanted,” Christopher Boyd of GFI explained.