Oct 19, 2010 15:46 GMT

Security researchers from Sunbelt warn that phishers are trying to steal Live IDs from Xbox users through a fake program that promises a free Gamertag change.

Gamertags are the unique names used by players on Microsoft's Xbox LIVE platform, and they can only be modified through a special service in exchange for 800 Microsoft Points.

Microsoft also forces users to change their Gamertag if it is deemed offensive by other users, in which case the operation is free of charge.

According to Christopher Boyd, a senior threat researcher at Sunbelt (now part of GFI Software), many users still believe that it is possible to trick the system into allowing a free Gamertag change if all their friends report it.

Of course, Microsoft has checks in place to detect such fraud attempts, but the myth's persistence offers a good opportunity for phishers to prey on less knowledgeable players.

Boyd reports that there's a program called "Gamertag Changer" going around that does nothing more than steal Windows Live credentials from Xbox gamers.

The application claims that it will file numerous complaints regarding the user's Gamertag in order to trigger an automatic change from the system.

"Microsoft has an automatic system that makes you change your gamertag somewhere between 100-200 complaints.

"This program will send out around 500 at most to be sure you can change your gamertag," part of the description reads.

Users who fall for the trick and input their credentials will see a message asking them to leave the application open for at least two minutes and then try to re-login on Xbox LIVE.

Meanwhile, in the background, the program sends the captured Gamertag, Live ID and password to an email address controlled by the phisher.

"Considering all the things you can use a Windows LIVE ID for, it isn’t really something you want to be handing over to Little Jimmy Hackpants. VirusTotal scores are extremely low at this point – just 2/43," the Sunbelt researcher advises.