Microsoft Turns A Blind Eye To Phishing Scams On Xbox LIVE

William wrote to us this weekend to point out how little Microsoft does to fight phishing attacks on their hugely popular Xbox LIVE network. It's unfortunate they don't take this sort of crime more seriously, since so many kids—who by all rights should have less experience with phishing—are on Xbox LIVE. Below is what two different Xbox CSRs told William when he contacted them to complain about phishing attacks.

I get messages all the time over Xbox Live from people engaging in phishing scams. Thus far, I've been very annoyed because Microsoft seems completely unconcerned about it and their customer service has been very poor. I think of the people who fall for these scams and wonder why doesn't Microsoft do more.

I spoke with a customer service rep and asked about the phishing scams, and he said to file a complaint on the person in-game, which had absolutely nothing to do with phishing. He suggested I select the option to report them for cheating in-game—does that make sense? I remarked how this was confusing and that there was no option to report phishing and he said that in the next update this fall, the option would be there. I'm pretty certain he was lying. He did say, though, that it was very hard to get an account back once it was stolen, something I don't doubt he was being honest about.

Now today [October 4th, 2009], I got two messages from two different users, which are apparently audio clips of some little kid offering cheats and asking you to send a message back (during which he'll ask for your account info and steal your account). It was strange because I got identical audio from two different accounts, meaning either that these phishers are very sophisticated or that there are a lot more phishers out there than I previously realized, because there's this default phishing audio being spread around and re-used.

In the same time frame, I got another message from a different user with the same type of scam.

Frustrated with all the fraud going on, I called Xbox Live again to complain, to see if I could find some kind of fraud department, because I don't think they take these things seriously. I was a bit belligerent (but respectful) with the customer service rep., but who can blame me? Again, she told me pretty much the same nonsense the guy before told me and more. Like he said, this woman told me the same: File a complaint on their gamertag (that's their username in-game), go to the Xbox forums (where there's no real support — just other gamers like me), and so on. She then said something even more ridiculous: She suggested that I make several accounts with Xbox and use all of them to file a complaint on the same person. As with the other gentleman's remarks, I pointed out how this was against the rules. It's gaming the system. She said it wasn't. I asked her why I should need several usernames to file a complaint and I told her I only pay for one account and that what she said didn't make sense. It seemed like gaming the system. I asked if she was being honest with me, because she really didn't seem like she was being honest because of how absurd it was. And then she hung up on me. Oh well.

How can Xbox not be concerned with all the fraud that goes on over their service? I've been thinking of calling Xbox Live and recording the phone conversation, then uploading it to Youtube. If I don't do it, somebody else will... Heck, even you guys over at Consumerist ought to do it because the customer service reps. seem to say the most ridiculous things. They know how the system is being manipulated and instead of fixing it, they are telling other people to just manipulate it too.

If you look on the Xbox forums, you'll see lots and lots of people complaining about "hacked" accounts and lack of support from Microsoft. Many of them either can't afford a lawyer or don't know they need one. So, many people apparently just pay for NEW ACCOUNTS on Xbox and Microsoft seems to be profiting from this phishing, which is... of course... the reason why they ignore it. Why stop people from scamming if it helps the bottom line?

(Photo: AdrianDC)

Comments:

On Sunday Stepto, the head of the Xbox Live policy team, said that they are indeed looking into it and specifically trying to make in-console messages reportable. For now he said to email him at stepto[at]xbox.com (I think that's his email). He will pass any reports on to his staff for investigation. Also, I recommend listening to the recent PAX podcast of the Major Nelson podcast; it has the entirety of Stepto's panel at PAX on Xbox Live policing and security.

@logicalnoise: Also he says they monitor all scams on Xbox Live. Another option is to make a thread on the official Xbox forums (his staff monitors them all day).

Correct me if I'm wrong, but can't you limit your online correspondence to only the people that you are friends with?

/not 100% sure, but I've never had a phishing scam in the 5 years I've had the Live service.

I'm not seeing the MS responses as saying they don't care. I'm seeing them as saying they are working on the issue and plan to have a way to report it soon. I get that you think it's not fast enough, but there's no evidence they are lying.

Well first off, as logicalnoise pointed out, Stephen Toulouse (sp?) who is in charge of policy enforcement (and possibly user operations?) said that next update there WILL be an added option to the report screen for phishing. Please keep in mind that you cannot add a report option for every possible reportable situation.

Also, Stepto has said that his team DOES read the forums. They don't reply to each thread, but they do read the forums. It's also possible they reach out to forumites via email rather than replying to the threads (I don't have any source for this, just a theory).

As for the CSR, he wasn't lying. Reporting them for cheating might be the "most accurate" way to describe what they are trying to do. They are trying to exploit users' gaming credentials for personal gain. So, until there's a phishing option, perhaps that really is the best, most accurate report description.

As for the CSR who told you to make multiple accounts: that may be completely BS, but for the sake of argument, I will say it's not. In that case, the CSR absolutely had no idea what she was talking about. Registering multiple accounts to report a user is against the terms of service. Even telling all your friends to file a complaint on a person is against the Terms of Service. This will actually also be a new report option (asking friends to report needlessly).

Also, it doesn't matter if one person or 500 people report a user. All reports get consolidated into one that is later reviewed by the team. So registering many accounts to do this would do nothing.

Your best bet is just to block all communications and keep on reporting.

@custommadescare: I'm really not sure, but I've seen this happen before. This guy was in game chat, and I could hear him, but he wouldn't respond to me, or even acknowledge I was saying anything.

"No no, I don't want to play Team SWAT"

"*switches* Okay is this one okay? --- Hello? Uh? Hello"

"I'm so excited to play!"

I'm guessing it's a parental control setting that sets who can communicate with you in-game and in-console (messages, etc.).

@custommadescare: Oh, and why would you trust some alleged online gamer for cheats when you can easily find walkthroughs and cheats online?

@custommadescare: people as a whole are very naive. And they want a quick fix.

@custommadescare: Yes, you can. I've got messages (and voice) set to friends-only. I catch a lot of flak on forums for it, but I frankly don't feel like listening to an idiot 12 year old trash talk me in Soul Calibur, or some mouth-breather playing Rock Band.

Xbox customer service regarding fraud is horrible. I emailed them asking them to shut down an account made under one of my email addresses (As in, somebody out there created an Xbox live account with their name and everything, but used my email address instead of theirs.) and they sent me an email back saying something similar to "We're sorry your Xbox live account was hacked; don't give out your password online, stupid."


So I took matters into my own hands, and had Xbox send the password for the account to me. Then I changed the email associated with the account to a mailinator account. THEN I figured out how to close the Windows Live account associated with my email address (it was a gmail address.)


So it may have been an honest typo on the guy's part, but I still think it was a scummy thing to do, and Xbox was NO help whatsoever.

Unfortunately this phishing on the Xbox 360 is new. I've never gotten one. Obviously I dare mention it's against the terms to cheat, so someone who complies with their requests deserves their account taken away.


But beyond that, reporting them with what options you currently have is the best you can do. Receiving 3 in a day just shows you can't expect to call and report all of them over the phone. Report them, and yes, the more reports a gamertag gets, the faster I assume someone will investigate them.

@LJKelley: Also, might I add. This heading/title is 100% false and you have no proof other than hearsay. The fact is Microsoft does have a reporting tool, granted not a perfectly up to date tool. But just even a minor investigation would show that Major Nelson and others are aware and that updates are planned to address this. To claim this is a 'blind eye' is pure blogging FAIL.

@Brain.wav: I'm right there with you. Even more annoying though are the people with broken mics that don't know it. I've had to leave sessions because of it.

The only unsolicited messages I've seen were ones that my wife got a couple of years back. Some guy we'd never heard of started sending her valuable pinatas in Viva Pinata, and filling her inbox with messages. (Yes, I played a game called Viva Pinata)

I didn't think that gamertags were user-searchable... Are they? Is it like the old AOL in that you can search for female/age, and then stalk them? We never figured that one out.

@Knippschild: I think they may just have had you muted... If you set com to friends only, doesn't it block your ability to send com to everyone else in game as well?

@Mike8813: I long to play Viva Pinata. I've heard that it's really fun. I will have to buy it for PC though, when the price is right.

@Kimaroo - 20% More Kitty Added!: Be warned, it's insanely addictive. Beneath the cutesy exterior is a great game, trust me. I think both the original and the sequel can be had for $20 each, so give it a shot!

@LJKelley: No, MS gets all reports in the order they get them, and any multiple reports just get lumped into the same file and they read them all at once. 1 report works as well as 100.

@Kimaroo - 20% More Kitty Added!: it's 50% virtual pet and 50% zen garden. Lots of fun, but ironically I stopped playing because I was too busy with other stuff.

@Brain.wav: I think even worse was in NHL 09, we used to play team games...and the other team's audio would start coming across...we'd be sitting there listening to them talk smack about us in Czech or German...very frustrating.

@Knippschild: The CSR was most likely just trying to give the OP something to do. There's really nothing that can be done at this point, so she was reaching for anything that would get him off the phone.

What was she supposed to do? Go personally beat up the phisher?!?

@LJKelley: And even more on this. Having a read through the Xbox Account Suspensions forum where those who have been banned post all their 'but I didn't do anything wrong!' messages can be entertaining, and shows that Microsoft actually does pay attention.

One of the ones posted recently was from somebody whose 'friend' seemed to know a lot of different gamertags and passwords, when suddenly their console couldn't connect to Live. They got banned (permanently) from connecting to Live for benefiting from phishing.

@LJKelley: A few people in my clan (shout out to Tactical Gaming!) got suckered in by the Modern Warfare 2 Beta phish a few months ago. That was the first I'd ever heard of it.

Once they take over an account, they use it to send a phishing message to all that account's friends. It spread pretty quickly.

But I did find it funny that everyone said their accounts were "hacked". It's not hacking if you give someone your password!

@Mike8813: I don't think they're searchable, but once they find out you are female, some bored guys will follow you around. Forever.

@custommadescare: Once they phish one of your friends, they will use his account to send you phishing messages. It spreads like wildfire once they get a toehold.

@custommadescare:

Yes, you can. But in doing so you are sacrificing the ability to get messages from people you might want to, in response to an issue that should be addressed by MS.

Asking someone to limit their experience for something that should be fixed isn't the answer.

The option is there for people who want it. But people who might want to hear from a guy they just spent an afternoon playing with don't want to turn the option off to fix MS's issue.

Your example would be like telling someone to just not use their air conditioning in their car because it makes an annoying squeal. Sure, turning off the air doesn't prevent you from using the car, and eliminates the annoyance, but it eliminates a feature in order to resolve an issue that should be fixed.

@JennQPublic: No. She was supposed to not provide advice that would result in the user breaking the terms of service.

@Kogenta: I don't think so. This kid keeps sending me party invites and game invites.

He sounds a little young, so I wouldn't be surprised if it is a parental control setting. I'm not sure how that works though as I never navigated through those screens.

@Mike8813:
Nothing wrong with playing Viva Pinata, I own both games and I'll be damned if it isn't fun as hell!

@logicalnoise: Right. He and his team are "taking it very seriously."

@logicalnoise: Good information, I am glad you got first post so people can see this.

I got an email to an email account not associated with my Xbox account the other day. It said something along the lines of "thanks for using your Visa card, please click the link below to verify your account for your 300 MS points." I remember I also got something like that for 1 vs 100.
Almost got me, because I did take part in the Visa promo. I set up my Live account username as something different than my Xbox username though.


Also there is a guy who plays Aegis Wing who will send you a message to help you get achievement points. By help he means let him have your password so he can get them for you. I've reported him 3 times. Don't know if he still plays.

The problem here isn't that MS doesn't care about phishing; the problem is that their customer service number is of no use to anyone.

A long while back, somewhere between 2006 and 2007, MS actually did a large training initiative where everyone in customer service was retrained about how to spot a scam, and who not to give account info to in order to protect account holders.

In lieu of calling the 800 number when you get a phishing email, first report them in game. It doesn't really matter what for - probably abusive communication. The point here is to draw attention to them. The team in charge of enforcing the TOS will have a look at their account, see the suspicious activity, and shut them down.

Additionally, you may want to post info about the experience on the Xbox.com forums so other users can be aware of the issue. You might help someone else avoid having their account stolen.

Lastly, if all else fails, contact Stephen Toulouse. He's the Director of Policy and Enforcement for Xbox LIVE, and an all around good guy. Shoot him a message on Twitter [twitter.com] and chances are he'll help you out.

Like I said, it's not that MS doesn't care, it's just that calling the 800 number isn't the right way to get anything done.

The Xbox response to phishing has been as good as some banks' as far as I'm noticing. The issue is that their CSR policies regarding phone-in questions are built to avoid as much social engineering as possible.


MS has a vested interest in making Xbox Live as safe and enjoyable as possible, I'm positive they are working as hard as they can to make this happen. (I've also listened to Stepto talk about what his team does a couple of times through podcasts and online, they are smart people fighting a really hard battle against scammers. )


I find it hilarious that the Consumerist will run this type of phishing story against Microsoft to cast them in a bad light, and any time phishing is mentioned in another story, they use it to attempt to educate people.

In my 5 years of XBL I have never had this problem...

...however this is like tackling all those emails I get from foreign dignitaries who want me to help them transfer some funds. Or the gold spammers in WoW.


All you can do is block or report the spammer/phisher. You'll never get rid of them - XBL, email, what have you. Just because XBL doesn't have a "Crucify this phisher" button doesn't mean the problem is being ignored; it's just much harder and larger to tackle than one would think.

@Knippschild: No, if it was parental control, you wouldn't hear him either. He could have the voice volume turned all the way down. Or he could just be an idiot. All things considered, the latter is probably true.

@logicalnoise: Great info...kudos on being the first post.

@Brain.wav: +1 because mouth-breather is my favorite phrase. And so descriptive...

Oh.. And when Microsoft ascertains that someone is a phisher, they normally ban the account AND the console. Meaning that the person doing the phishing has to buy a new 360 and register a new account just to get started again.


The phishing going on through the web, however, is another story.

@oceanstate: They shouldn't be making up responses, especially not ones that ultimately mean the client breaking the TOS. The first thing I was EVER taught when I worked in a call center? Do. Not. Make. Things. Up. Don't do it. You will get caught. You will look stupid. The client will be pissed. If you don't know something, ask. If the client isn't happy with your response, be sugary sweet and move on.


And if the CSR wasn't lying to him, why'd she offer him a solution that conflicted with the TOS, then hang up when he confronted her on it?

If you had bothered to contact Microsoft, or even if you had done a Google search, you'd know that Microsoft IS fighting back pretty hard against the phishers. The advice to file a complaint is good advice, though I think it makes more sense to file the complaint under the inappropriate text message category.

Microsoft does investigate all of the complaints they receive via Xbox Live; it really is the best way to report this kind of thing. They will read the message, and they will take action. Usually that involves banning the gamertag or even banning the console the message was sent from. They also work proactively to detect phishers, and they warn users via text messages on Xbox Live and in-game messages (anyone who plays Halo 3 knows that your password will NOT get you Recon armor). I've also heard Stepto on several different gaming podcasts warning people about phishing and talking about how they handle it.

No, Microsoft doesn't turn a blind eye to phishing. That's a complete misrepresentation of reality. I won't call it a lie, because I believe that you honestly don't know what you're talking about.

@Miraluka: if you listen to the podcast featuring the PAX panel you'd know that 95% of their jobs is analyzing user behavior and reacting appropriately. This is a new behavior and they are reacting appropriately. They already have a tool in the works for the next dash update and there are numerous ways of reporting phishing scams outside of the console environment.

@Murph1908: I thought friend requests were separate from the voice and messaging system though. I know I've gotten requests from people that I've never even gamed with before.

@Knippschild: Heh, and now the internet isn't fast enough for some people!

Does anyone want to bet that if some scammer came up with a way to deprive Microsoft's money & time, they'd have it addressed, patched and fixed within 24 hours?
Once Microsoft has your money, they really don't care.

@LJKelley: Phishing has been around for eons. For Microsoft not to have something in place now is malpractice. Or simply not caring about their customers.
Or (OMG!) the children!

@Knippschild: It's only the most accurate way because they've got nothing that is accurate in dealing with a pretty widespread situation, though. It's simply a "least worst" option.

@Rask: Can they really? That's so awesome. SO awesome.

@katstermonster: MS doesn't have a system in place to deal with this stuff yet, he knew that, and yet he called up to be belligerent (by his own admission!) with some poor CSR who he knows has no control over this problem.

He knew she couldn't help him, he just wanted to take out his frustration on someone. I'm not saying her lying was okay, but how long had he been badgering her about an issue he knew she couldn't help him with before she started saying whatever she could to get him off the phone?

OP's an ass, and I don't blame her for grasping at straws to get rid of him.

@Knippschild: I'm pretty sure that if parental controls are set to block non-friend voice chat, it's blocked in both directions. A quick glance over at the XBL pages says voice and text chat only has 3 settings: Allowed, Friends Only, or Blocked.

I'm banking on it that either they had you on mute, had their volume set to minimum, or were just ignoring you.