As someone who works in the security industry and has a lot of contact to customers that handle different fraud scenarios (mostly in Europe), I'd like to point something out. Fraud is defined by almost all of them as an act where a 3rd party abuses the given service infrastructure and harms the service provider financially or creates a denial of service condition.
Interestingly enough, if one of their customers is the victim, it is not considered as fraud damage, but as a support case.
At least until it becomes public in some manner and gets a higher priority due to the PR damage inflicted.
I am not familiar with the way that Microsoft (or Sony/Nintendo) defines that particular issue, but I just wanted to put that out as food for thought.