Discord

Much like any online program, people will always seek to abuse it. Discord is no stranger to this. Coming to light today is an apparent phishing scam involving discord. I cannot confirm it directly on discords official website, but it is something that I think warrants everyone's attention. Vigilance with your data is always the best response and not clicking suspicious links is as well.

A message coming from a friend or someone in a group chat you were in that would have a link posing as an official discord link will lead you to a website where you log into what appears to be discord. As I'm reading, once you do login on that website you've given your account information away and your account will be taken over.

There are a few simple steps you can do to ensure this doesn't happen:

1. Don't click any links you find suspicious even from people you know. PAY ATTENTION to the link. In this case, the link URL will have "https://discordgg.ga" etc, etc. Discord official links are discord.gg. NOT discordgg.ga. If you're at all uncertain best advice, just don't click it. (See screenshot)


062519 discord phishing link scam

 

2. Enable two-factor authentication (2Fa) on your discord account. It's simple and easy to do. Click the Gear icon on the lower panel in discord and go to your account.

a. click on enable 2fa and follow the instructions. For android phones and tablets, you may need to install google authenticator, a free program that will generate a code when you want to log in. Once you type your email address to log in, you'd open the google authenticator app on your phone or tablet and type in the provided code (it changes after a time interval).

b. Set up SMS backup authentication as a second safety step. Normal SMS charges from your carrier would apply if applicable.

If someone you know has clicked the link and has become victim to this you can do the following:
--Remove their old acct from all group chats (see who's group owner, they can remove)
--Unfriend & tell others to unfriend
--Save anything you need from your DMs
--On their new acct, HELP them reach out to friends

There is a twitter thread that at the moment has some ideas for various scenarios and actions you can take should you suffer this. However, be aware they are calling this a virus and it is not. It is a phishing attempt and you CAN avoid becoming victim to it. So first and foremost keep calm and don't panic, proactively activate 2fa, and create an SMS backup because these methods will help you avoid any issues like these now as well as in the future.  Twitter Thread on Discord phishing scam 06/25/19

As always if you have any questions, feel free to reach out to me, Mike or Eagle and we'll gladly help you understand any of this.