Saturday, July 13, 2024

8 Common Discord Scams (and How to Protect Yourself)


Discord group chat.
Joe Fedewa / How-To Geek

Scammers may target you with bogus free Discord Nitro offers, malware sent via private chats, attempts to learn your Discord token, scam competitions and giveaways, invitations to servers where your “behavior” has been “exposed”, impersonation of Discord HypeSquad and Partner staff, crypto and NFT scams, or fake Steam giveaways and profile reporting.

Discord is a communication tool that’s primarily aimed at gamers, but one that also has broad appeal. Due to the popularity of the service, Discord also happens to be a common target for scammers.

Can You Get Scammed on Discord?

Just like any other communication platform, scams are rife on Discord. The stakes can be very high on the platform, particularly if you have your own server. If someone gets access to your server, either by impersonating you or by convincing you to grant them admin privileges, they may attempt to nuke your Discord server or simply use it to spam members and compromise more accounts.

Just because you don’t own a server doesn’t make you immune to these scams. Many scammers use compromised accounts to send messages that point users to scams and malware. You’re more likely to trust a message from someone you know, so it’s important to always have a healthy level of skepticism when using the platform.

Let’s take a look at some of the more common scams in a little more detail. Remember that scammers are always looking for new ways to deceive, so you may encounter scams that differ slightly or considerably from those listed below.

1. Free Discord Nitro Scams (QR Code Scams)

Discord Nitro is a premium subscription service that unlocks benefits like bigger file uploads, HD video streaming, custom emoji anywhere, and a special Nitro badge on your profile. If you’re a heavy Discord user, Nitro is nice to have, which makes it a common lure for scammers looking to entice users.

Some people might want to give you free Discord Nitro, which is possible using the Nitro gifting service in chat. Unfortunately, many “gifts” are scams designed to steal your account or direct you to a malicious website. If your gift is legitimate, it will be accompanied by a URL pointing to a “discord.gift” or “discord.com” link, with an “Accept” button that looks like this:

Legitimate Discord Nitro gift example
Discord

There are a few tell-tale signs that your “free Nitro” offer is a scam. The most obvious one is that the person sending it asks you to redeem it by scanning a QR code. They may tell you to scan the QR code using the Discord app, which supports logging in this way, so scanning it could put your account at risk.

The other tell-tale sign is a URL that doesn’t point to the “discord.gift” or “discord.com” websites but to another (potentially convincing) address. You may get these notifications within Discord or over email, and some may come from bots. Discord states that system bots do not perform free Nitro giveaways:

The only official way to receive Nitro is through a gift sent to you in chat, or by receiving a code that can be redeemed under Gift Inventory in User Settings on the desktop and web apps.

Finally, gifts from random strangers are rare because people generally don’t spend money on random people they’ve never spoken to before. Always approach these messages with caution.
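
The link check described above can be automated, for example in a moderation bot. The following is an added example, not code from Discord or from the original article: it parses each URL in a message and compares the real host against the two domains named above. The brand-similarity heuristic, the function names, and the sample message are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# The two domains the article names for legitimate Nitro gift links.
OFFICIAL_DOMAINS = ("discord.gift", "discord.com")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def _resembles_brand(token: str) -> bool:
    """Heuristic (an assumption of this example): brand word or near-miss."""
    if "discord" in token or "nitro" in token:
        return True
    return SequenceMatcher(None, token, "discord").ratio() >= 0.8


def classify_link(url: str) -> str:
    """Return 'official', 'lookalike' or 'other' for one URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # malformed authority, e.g. an unclosed '[': suspicious
        return "lookalike"
    # Compare the parsed host, never the raw string: this ignores anything
    # before '@' and rejects official names used as a prefix of another host.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    tokens = re.split(r"[^a-z0-9\u0080-\uffff]+", (parts.netloc + parts.path).lower())
    return "lookalike" if any(_resembles_brand(t) for t in tokens if t) else "other"


def scan_message(text: str) -> list[tuple[str, str]]:
    """Classify every http(s) URL found in a chat message."""
    urls = (m.group(0).rstrip(".,;:!?)") for m in URL_RE.finditer(text))
    return [(u, classify_link(u)) for u in urls]


if __name__ == "__main__":
    # Constructed sample message; none of these links come from the article.
    sample = (
        "free nitro!! https://discord.gift.claim-rewards.example/x or "
        "https://discord.com@promo.example/gift and the real one "
        "https://discord.gift/AbCdEfGh123."
    )
    for url, verdict in scan_message(sample):
        print(f"{verdict:9} {url}")
```

An “official” verdict only confirms where the link points; a real gift link can still be sent from a compromised account, so the other warning signs in this section still apply.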


2. Malicious File Transfers

Since Discord allows you to upload files (up to 8MB for standard users, 50MB if you have Nitro Basic, or 500MB if you have Nitro), good old-fashioned malware is alive and well on the platform. These files may be sent over Discord itself, or even sent via other means.

In 2022, security firm Zscaler noted that an increasing amount of malware was being disseminated via Discord’s servers. Sophos made similar observations in 2021, with a report stating that at one stage 17,000 unique URLs in Discord’s CDN (content delivery network) pointed to files that contained malware.

These types of transfers often involve the sender asking the receiver to “test” something out like a game, some code, or even to view a video. Not only could you compromise your account, but you could also put your computer at risk from malware. If you think you may have been a victim, learn how to remove viruses and malware from your PC.

3. Attempts to Access Discord and Bot Tokens

Your Discord token is essentially a digital key to everything you do on Discord. It’s a string of numbers and letters that identifies and verifies everything you do on the platform. You can use a token to log in to your account, and the token remains the same until you change your password or make a change like enabling two-factor authentication.

Because it gives complete access to your account, your token allows others to act on your behalf. Tokens are most useful when combined with a bot that can then act for you, but many scammers will try to convince you to give them your token so that they can hijack your account (and potentially your server).

Discord Developer Portal

Never, ever give out your Discord token. Not even Discord will ask for this. Scammers may try and convince you to give them your token so that they can add a bot to your server, but only you should add Discord bots to your server. You can find out your Discord token using the Discord Developer Portal, but we’d warn against opening this unless you have a solid reason to do so.

If ever you think your token has been compromised, change your Discord password. This will generate a new token, and the old one will cease working. Be aware that some will also be interested in gaining access to bot tokens, which you should also never reveal.

4. Scam Competitions and Giveaways

Discord is a commonly used platform for giveaways, often as rewards to faithful community users. It should come as no surprise then that many competitions and giveaways on Discord end up being scams. The links associated with such schemes often point to unscrupulous websites designed to prey on people.

As an admin of a server, you may be approached by private message or email to run such a giveaway or competition on your server. These scammers often want to be granted permission to create threads so that they can privately message users on your server (a privilege you should restrict to limit the damage from attacks).

Managing Discord threads permissions

If you want to run a giveaway on your server, insist that you are the person running the giveaway. You could even get a Discord bot to run the giveaway for you. Make sure that any giveaway links you’re sent come from a reputable source, like a known server admin or trusted community member, before you proceed.

And just like many of the other scams listed here, never scan a QR code to enter a Discord giveaway.

5. “Exposed” Discord Server Scam (Shaming Server Scam)

One of the more insidious Discord scams, the “exposed” or “shaming” server scam targets users by claiming that they have been exposed doing something questionable, shameful, or compromising. This scam commonly plays out with an invite to a server, on which your questionable behavior has been exposed.

On joining the server you’ll be asked to “verify” your account using a QR code. If you’ve read this far you’ll know that scanning QR codes in Discord is a bad idea. Scanning a QR code with the Discord mobile app could grant other users access to your account, and scanning random QR codes with your standard smartphone scanner is also a bad idea.

6. Discord HypeSquad and Partner Scams

The Discord HypeSquad is a street team of sorts made up of members of the Discord community who represent the service online and at real-world events. The Discord Partner program is designed to showcase the best Discord servers that serve as inspiration for others. HypeSquad members get perks like free merchandise, travel, and more while Partner program servers get perks like unique branding and community rewards.

Unfortunately, this makes these programs the subject of many scams. Scammers will attempt to reach out to users and server admins by impersonating the Discord staff in charge of these programs. Once they’ve gained your trust they’ll ask you to promote them on your server, provide your Discord token, “verify” with a QR code, or even log in off-site in an attempt to phish your login details.

Look for the “System” tag next to anyone who claims to be associated with Discord to verify their identity. Tags like “Bot” or “Verified” aren’t good enough within this context. Don’t trust anyone masquerading as Discord staff unless they have the “System” tag next to their name.

7. Cryptocurrency and NFT Scams

There exist many Discord servers aimed at cryptocurrency and NFTs, and as a result of this interest, a lot of scams have sprung up. Your presence in these communities effectively paints a target on your back as someone already interested or invested in cryptocurrency, making you more likely to take the bait compared to someone who isn’t a part of that world.

One of the more common scams as reported by Kaspersky in 2021 involves offering users cryptocurrency free of charge either as a gesture of goodwill or an attempt to attract new users to a group or exchange. If you follow the supplied link you’ll be greeted with a legitimate-looking exchange and a form with which to verify the code sent to you. You may even be asked to set up two-factor authentication.

The scam comes to a head when the exchange requires that you make a small cryptocurrency deposit or complete more steps to verify your identity. Scammers will make off with any deposits you make and gather identity documents to sell on, while the cryptocurrency you supposedly “won” was never real in the first place.

NFT giveaways can also run along these lines, where the process of claiming your NFT is used to harvest identity documents or demand some other form of payment to activate your account. Beware of new cryptocurrency and NFT communities that act as pump-and-dump schemes, designed to hype up a new coin or NFT release that quickly drops in value once the creator has dumped their holdings.

Tread very carefully when it comes to anything crypto and NFT-related. Don’t listen to celebrities for financial advice, approach Bitcoin with a healthy level of skepticism, and maybe avoid NFTs altogether.

8. Steam Scams on Discord

Steam is the world’s biggest online marketplace for video games, and many Discord users have their Steam profile visible in their Discord account profile. This leaves Discord users open to having their Steam accounts compromised through a variety of scam methods, such as the promise of free games behind a link that often turns out to be an attempt to phish the account.

Show your Steam profile in Discord settings

Another scam involves the “accidental flagging of your account” on Steam, which requires that you talk to a “Steam moderator” (on Discord, of all places) who is in fact someone posing as Steam staff and who can somehow magically fix your account. The scammer will attempt to make this scam look more real by posting a link to your Steam profile (which is already on display on your Discord profile).

Stay Safe on Discord

Discord is still one of the best communication platforms on the web, despite the scammers. You should consider moving your group chat to Discord, even if you don’t play games. There are some compelling reasons to use the service including PlayStation integration and the ability to watch movies over Discord with friends, among the many other useful Discord features.




