Did you know that the very act of switching on your Xbox 360 now carries with it an automatic £100 penalty? Hackers can magically extract money from your bank account merely by dint of you owning a Microsoft console and logging into Xbox Live – it’s that easy!
If anything in my hyperbolic introduction sounded a tad Phishy, that’s because Rupert Murdoch’s wholly reputable, in no way morally bereft and entirely ethically sound newspaper The Sun ran a panic-inducing headline today which sought to convince the parents of younger gamers that phishing and account theft are so widespread on the Xbox platform that they constitute a routine systemic problem.
You and I may know different, but why let facts get in the way of a cheap front page on a slow news day? Also, the Sun (a News International title) earnestly lecturing Britain about hacking? Kind of boggles the mind, doesn’t it?
What we appear to be dealing with is old-school hacker social engineering married to new-school digital larceny. The “Hack” being alluded to by The Sun appears to be nothing more than naive gamers being redirected to a compromised website and told to enter personal details which are, of course, used to hijack their accounts and stored credit card details and to grab identity information for subsequent use.
Social engineering frequently works because people don’t know that it’s happening – talking online in a “Modern Warfare 3” or “Battlefield 3” lobby to a chatty gamer isn’t likely to make you think that you’re going to get hacked somewhere down the line, but this is frequently how accounts get compromised.
If you want the original story from the Sun, you can Google it, because I’m not giving that unpleasant bunch of reptiles the link traffic. If you want to read Microsoft’s response, you can find it on Facebook, read Bitter Wallet’s take here and follow UK Xbox community manager Graham “Acey Bongos” Boyd here on Twitter for a more measured take on what’s been going on – or to be more accurate, what’s not been going on.
Three Rules to live by online –
1) Do you know the people that you’re chatting with? No? Then keep things general – you have no idea whether the people you are talking to are who they say they are.
2) Would you give your bank card PIN to somebody you barely know and hope that they wouldn’t run amok with it the moment that your back is turned? No, you wouldn’t. So why would you let somebody have vital information which allows them to get into your online identities? If the questions get more personal than you’re comfortable with, mute players and disengage. At best, they’re engaging in gamesmanship, at worst they’re trying to get into your digital life. And you don’t want that, do you?
3) Make your passwords distinctive and difficult to guess, and make sure the secret answers to the questions used to reset access to your account are guessable only by you.
If you’re using ‘password’ or ‘123456’ as your password in this day and age, you probably deserve to have those nice Chinese hackers buying seventeen million iTunes downloads or PSN games on your dime.
Stay safe out there, Gaming compadres…