XBox Live currently has a warning issued in relation to “phishing attacks” in the Modern Warfare 2 game. However, information is frustratingly thin on the ground leading to much confusion as to what the attack is, how it takes place, what to avoid and so on.
Things I have seen in the past:
* Social engineering attempts in a game session. The attacker picks a game full of distractions – Left 4 Dead, for example – then gets talking to their random team mates. You’d be surprised how easily people let their guard down in relation to password reset questions while filling hordes of the undead with shotgun pellets.
* A hack that enabled users to temporarily change their gamertag while in a gaming session. This meant attackers would look at publicly available lists of Gamertags used by game developers, then jump into those titles and pretend to be said game dev. At that point, the “give me your login and I’ll give you a sparkly machine gun” messages started to flow thick and fast. Of course, not everyone using this glitch tried to phish people (warning: swear words, as you probably expected).
This time around, it looks like a particular game mod gives users lots of crazy abilities, but (from a quick scan of Youtube and elsewhere) also allows them to post chat messages onscreen, and they look like the kind of messages that are posted in certain games by developers every now and then:
Posting links to URLs ingame? Oh my. I could be wrong, but if anything screams out “Danger Will Robinson” this would probably be it. Hopefully Infinity Ward and / or Microsoft can patch this one up asap.
For now, keep in mind that you should NEVER give out your login credentials ingame.
You won’t get a sparkly machine gun for your efforts…