Fake Microsoft Xbox or PC Game Beta Invitation Scam
Scammers send fake beta invitations for unreleased Microsoft or Xbox games, directing victims to phishing pages that steal Microsoft account credentials or install malware disguised as a beta client installer.
Part of: Fake Game Beta Invitation Scam
Last reviewed: 8 June 2026
Microsoft regularly runs public and private betas for its major game releases — including Halo titles, Forza, and Xbox Game Pass catalogue additions. Players who follow gaming news are aware that beta invitations do get distributed through email, Xbox Insider Hub, and social platforms.
Scammers exploit this awareness by crafting fake beta invitations for anticipated titles. The emails mimic Xbox's email design and offer early access to a fictional upcoming game or a real game that is genuinely in development. The recipient is typically a gaming enthusiast whose email appeared in a breach database tied to a gaming service.
The 'download the beta client' link either leads to a fake Microsoft account sign-in page that harvests credentials, or downloads a malicious executable disguised as a game installer.
How this scam works on the Microsoft brand
Microsoft distributes genuine game betas through the Xbox Insider Hub application on consoles and Windows PCs, through Xbox.com, and occasionally via email from @xbox.com or @microsoft.com addresses. Microsoft does not distribute game installers through links in unsolicited emails from third-party domains.
The fake invitation email uses Xbox's green-and-black colour scheme, the Xbox logo, and references an exciting title. It provides a 'Download Beta' button that leads either to a credential-harvesting page styled as the Microsoft account login or to a file download from a non-Microsoft domain.
The malware installer may display a fake progress bar and game-loading screen before failing, leaving the victim thinking the beta was simply unstable — while credential theft and malware installation have already completed silently.
Common red flags
- An unsolicited email invites you to download a beta for a Microsoft or Xbox game you did not apply for.
- The email sender domain is not @xbox.com or @microsoft.com.
- The download link goes to a site other than xbox.com or microsoft.com.
- The installer file triggers an 'unknown publisher' warning from Windows.
- The invitation creates urgency: 'Beta access is limited — download within 72 hours.'
- The beta requires you to sign in via a web page rather than through the Xbox Insider Hub or the Xbox app.
How to protect yourself
- Join legitimate Microsoft and Xbox beta programmes only through the Xbox Insider Hub app on your console or PC at insider.xbox.com.
- Never download game installers from links in unsolicited emails — only download from xbox.com or the Microsoft Store.
- Enable two-step verification on your Microsoft account at account.microsoft.com/security.
- Check that any game-related email originates from @xbox.com or @microsoft.com before clicking any link.
- If you ran a suspicious installer, disconnect from the internet, run a full antivirus scan, and change your Microsoft account password.
- Review recent Microsoft account activity at account.microsoft.com/activity for any unauthorised sign-ins.
How to report it
- Report the phishing email to Microsoft at [email protected].
- Report the malicious URL to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_phish/.
- Submit the suspicious file to VirusTotal at virustotal.com.
- Report to the FTC at ReportFraud.ftc.gov (US) or Action Fraud at actionfraud.police.uk (UK).
Frequently asked questions
How do I find legitimate Xbox or Microsoft game betas?
Join the Xbox Insider Programme through the Xbox Insider Hub app on your console or at insider.xbox.com. Microsoft also announces beta programmes through official Xbox social media channels and xbox.com.
Can a fake game beta installer damage my PC?
Yes. Malicious installers can install infostealers, ransomware, or remote-access trojans. If you ran a suspicious game installer, disconnect from the internet immediately, run a full antivirus scan, and change passwords for any accounts on that device.
My Microsoft account was taken over after clicking a fake beta link. What do I do?
Go to account.microsoft.com/security and select 'I think someone else has access to my account'. Use the account recovery process to regain control, then review and remove any unrecognised linked devices.