It’s bad enough to find out you’ve been the victim of identity theft. It’s even worse to sit and watch as the thieves spend the money they acquired with your credit card information.
That’s what happened today to Consumerist reader Brian, who could do little but sit and watch as someone else had a good time at his expense.
I received 2 emails from firstname.lastname@example.org. 1 was for 4000 Microsoft XBOX Live Points ($49.99) and the other for 6000 Points ($74.99). I am sitting at work so I know I didn’t make these purchases. Maybe my cat did at home. He is pretty smart.
Thinking this was a scam, I typed in microsoft.com and navigated to their billing page (NEVER CLICK ON LINK IN AN EMAIL THAT LEADS TO LOGGING IN OR GIVING PERSONAL INFO LIKE THIS) and verified that both charges were made to my XBOX Live account and thus charged to my credit card I had on file.
I immediately called XBOX Live Support/Billing and told them about what was happening and the gentleman was very helpful. He immediately locked my account so now more purchases (cash purchases) could be made. However the thief could still spend all the MS Points that were on my account. Also, he said that he put a ticket in and their systems would start tracking the IP address of the thief while he was making the purchases.
This last point doesn’t really mean all that much. I am a very knowledgeable computer security individual and know that for someone to do this as quickly as they are, I am sure they are in a hotel under a false name and credit card so it can’t be traced back to them.
I was informed that I would need to call Microsoft back when I get home with the Serial # and ID # of all my XBOX’s (I have 3) so they can verify that the purchases were not made on my systems… I just hope someone didn’t break in to my condo and steal them. Once I give Microsoft that information, they will review it and within 25 days they will refund my money.
I watched from my computer as the account went from 10,680 MS Points down to 70. There is nothing on XBOX Live Market Place that is under 120 points ($.99) so I am sure they left it at that and are moving on to the next victim.
On the not-so-bad side, Brian spoke to his bank about the illegal transaction, which were still listed as “pending.” The bank put a hold on them while it investigated and told Brian that, since the card was not swiped and no PIN was entered, the transaction was considered a credit card purchase, meaning that, rather than have to go through the hassle of disputing a debit card charge, he’d be covered by the much more consumer-friendly rules for credit card fraud.