A number of bogus offers are doing the rounds in Discord land at the moment. Discord, a group text chat/VoiP app of choice for many gaming communities, is having a bit of trouble with phishing links.
You may recall we’ve covered a lot of Discord scams previously. Service users can create bots, those bots can be invited into channels, and then they get to work spamming. The messages run the range of free games, discount sign-ups for services, or just plain old fake login screens.
You’ll also frequently see bots pushing offers for things which simply don’t exist anymore. Their purpose is to hit the channels and drift forever, spamming all and sundry until they get a few hits. This week it’ll be a bot promoting a “red hot” offer from 2018. Next week it’ll be promoting crossover deals with a service which went out of business a year ago.
While many gamers who know their stuff won’t fall for those kinds of things, plenty of others will. They could stand to lose their gaming accounts, their logins for other services, some money, or perhaps a combination of all 3. Depending on the scam, they could also be used to send spam messages to an even bigger audience. You definitely don’t want any of this clogging up the channels you use on a daily basis.
Spam messages are sent to other Discord users. As is common with this kind of attack, they’re themed around “Nitro”. This is a paid Discord service which offers added functionality in the servers along with some other features. At one point, games were included in some of these deals, and those were a big target for scammers even after the games were no longer available. The scammers are just banking on nobody checking before clicking the links.
Here’s what some of the current messages going around look like:
Note that this isn’t being sent from bots (as in, chatbots specifically coded to send spam links). As the Tweeter points out, this is all being sent by friends. Those friends have likely been compromised earlier in the chain, and are now being used for malicious purposes.
As for the messages themselves? They’re a mixed bunch. One claims a friend has sent the recipient a Nitro subscription. The others claim the recipient “has some Nitro left over”, tied to a URL which mentions billing and promotions.
When sneaky sites go phishing...
The sites here use a common trick. This is where they switch out the letter i, for an L in the URL. As a result, you’re not visiting Discord, you’re visiting something along the lines of dLscord instead (we’re using the uppercase L here purely for visual clarity).
From there, it’s a case of phishing the victim's logins.
Tackling the Discord phishers
Sometimes these sites already have multiple red flags thrown up along the way:
Other times, you’re reliant on the site being taken down or your security tools stopping the scam in its tracks. Either way, if you’ve entered your details into one of these sites (or similar!), then change your login as soon as possible.
How to protect your Discord account
Discord offers some tips on how to keep your account safe:
- Use a strong password, and one that is unique to your Discord account. A password manager can help generate and store strong passwords for you, because it's very very difficult to remember them yourself
- Set up two-factor authentication (2FA) on your account
- Set up message scanning, which automatically scans and deletes any explicit content. You can choose to do this for all messages or just those from people not on your Friends List
- Block users if you need to. Discord offers more information on how to do that in tip 4.
Stay safe out there!