Some woman named Wendy in Minnesota is using her credit card to put digital gift cards on my #microsoft account. The gift cards appear to be legit -- I now have a $160 in #xbox credit.
Is this a #scam? #fraud? Have I been #hacked?
Whatever it is, I don't think she's doing it right.
and no, there's no obvious way to report this to Microsoft. And I desperately need to, because it appears for all intents and purposes that I have defrauded Wendy.
help?
update 2: Wendy's mailing address is now my default billing/shipping address in my microsoft account
update 3: Wendy's addresses have disappeared from my account
update 4: both of the digital gift cards now appear to have been redeemed.
update 5: fraud report filed with microsoft; listing microsoft itself as the fraudulent company, given I've got nothing else to do while I wait to live chat with microsoft support.
update 6: WOW THAT WAS SOME CRAZY GASLIGHTY NOTMYJOB tech support from microsoft.
update 7: #microsoft DGAF if people are using stolen credit cards to make purchases using other people's accounts without actually signing into those accounts.
update 0: my first step was to change my password. 2FA was already enabled, and there have been no unauthorized logins...
@madopal I have 2FA and changed my password first thing. I also checked my login history, and there was nothing suspicious.
@DrTCombs @madopal I've seen 2FA bypassed via Phishing and a tool like https://help.evilginx.com/ . Not sure whether you see that in your login history as it rides along on an existing session. Is there an option to terminate all currently logged in sessions?
@Cycling_Liz microsoft was...less than helpful...
@DrTCombs I hope this all works out okay. Very weird and now I'm going to check my MS account, which I never really look at.
Yuck, but sounds so typical of every large corporation ever.
I've got an old Gmail account that a number of folks have mistakenly or lazily used for signing up for things. I'm often on alert for someone to try to scam me that way.
Online scams
@DrTCombs
Not saying that's what you're seeing.
I've also heard of the scam where someone sends you money (via PayPal/venmo, etc.) on a stolen card, and then sends a message saying it was their mistake, and asking to have the same amount sent back in a new transaction.
The stolen card transactions get cancelled, the mistaken money disappears. If the (second) victim sent a new transaction, then the payment service won't cancel the second transaction as it wasn't "fraudulent".
@DrTCombs did you record the address so you still have it? Keep notes. Did you have your own address on the account or other info that's been compromised? Watch for suspicious activity outside of this account involving any info that was breached, and don't try any transaction with your money through that channel. It doesn't sound like they're here for your money (yet?), could be your account is just a tool for some laundering/ arbitrage activity but maybe Wendy is too.
@DrTCombs there might also be a chargeback scam coming where those cards were fraudulent but it looks like you are liable for the purchases.
@enobacon I screenshotted everything. Been waiting to live chat with microsoft for 45 minutes...
@DrTCombs
I have no idea how this stuff works, but I think the first step should be changing your password.
@tanquist yep, that was my first move. No suspicious logins in my login history though!
@DrTCombs @tanquist I am fairly sure I don’t need to login to credit a gift - I can do that for my nephew. You just need the email the XBox account is registered to. It’s possibly a way to get a stolen/hacked credit card working without it being traceable or I think the blackmail/getting access ideas are the most likely.
I would immediately report it to Microsoft and keep a digital paper trail of the reports you made. That *should* be enough to CYA.
Unfortunately Microsoft may very well ignore your report but I would 100% make the report.
This appears to be the current means of reporting fraud.
@DrTCombs No, the fields there don't match your experience, but I would still do the best you can to wedge your info into what they provide you.
@MichaelTBacon done. I listed microsoft as the name of the fraudlent company, for lack of a better idea!
@DrTCombs No lies detected!
@DrTCombs Can you see Wendy’s credit card company? My spider senses tell me that credit card is stolen and they would love to know that
@Lyle no, I can only see the name, expiration date, and last 4 digits.
@DrTCombs Maybe....or maybe a simpler explanation: https://xkcd.com/1279/
But yeah, this is a real problem, I'm really not sure what to do, although I don't think it's you who has defrauded Wendy.
@DrTCombs this sounds a bit like laundering money or stolen credit cards through legitimate accounts. There must be a flaw that allows buying (and redeeming) egift cards without any confirmation.
update: it appears someone (Wendy?) has redeemed one of the digital gift cards