Spotting a Phishing Scam: Discord Edition!


Note: I am not a professional security analyst. I am sharing what I've learned from my experiences. This post is not limited to Discord chat only. It can be applied to emails, other chat platforms, social media, phone calls, and more! It's just aimed more toward the Discord platform in general.

You've just landed in a new Discord server or you just had someone land in your own personal Discord! The moment is exciting as you're ready to explore or be explored. All of a sudden, someone provides a link aiming toward an offer for a free game key/code, free Nitro (monthly membership), or a gift card. Sounds super exciting but before you click that link, keep reading! 

What's likely happening here

So what's going on in this kind of situation? The most probable explanation is a scam! In some situations you may get a genuinely generous person trying to share their blessings but, in most cases, you are going to get people or bots that are attempting to scam you. The type of scam that makes most people fall victim to these offers is called phishing.

What is Phishing? 

Not to be confused with fishing, phishing is, simply put, the collection of just enough of your information to steal your identity or, in most cases, to obtain more personal information like credit card numbers, passwords, or even social security numbers. Phishers do this by sending a link that looks like it leads to a legitimate or reputable website. This can be anything! Impersonated websites include, but are not limited to, game stores, department stores, or even big names like Target, Walmart, or Amazon.



To catch a scammer in your Discord

These points can really be used on any platform, phone, email, and more in order to catch a scammer, scam, or bot in their tracks! 

1. Signs of a bot: The first thing to determine may be a little difficult. Is this a real person or a bot (program) trying to collect information? Oftentimes you will encounter a bot. A clear sign is the member posting in the wrong text channel. Another clear indication is that they will spam or post the link as much as they can, sometimes in one channel but usually in several. Additionally, you may find the same member doing the same thing in different Discord servers. Another way to determine if the member is a bot is to directly message (DM) them or try talking to them. If they don't respond, then they're likely not a real person. To spot an actual person, skip to #4.

2. Member details: Look into the person providing the potentially malicious link. How long have they been on Discord? How long have they been on the server where they're providing the links? Are they trustworthy? Is it someone you personally know? Positive answers to these questions may mean that this person's Discord account has been compromised or, with some digging, could mean that the link is in fact non-malicious.

3. The offer: Oftentimes, the offer is too good to be true. Really, that's enough said but, here are a few examples: a free month of something (Nitro), $100 gift, free $60 game key, etc.

4. The link: The link provided will be sneaky and look very legitimate. Here are a few giveaways that a link leads to a phishing/scam site.
  • Short links: These are 50/50 untrustworthy. Some bigger sites like Amazon may use short links, for example (a legitimate link and item, by the way): https://a.co/d/bEOnpds However, in a setting where something isn't commonly advertised or is advertised out of the blue, like a Discord post from a random member, it would be advisable not to click on it. Also, a lot of phishing short links will have funny or strange names that don't seem to be affiliated with the actual business they're trying to pass themselves off as.
  • Misspelled: Links that are misspelled are often malicious. I recently had a phishing bot situation in my streamer Discord server. I'll use that as an example; however, I won't be posting the full link for safety reasons: steanmconmnunmity or, broken up, steanm conmnunmity. This was the main site's name followed by some numbers. The idea behind the misspelling is that our brains auto-translate this to steamcommunity or steam community, which is part of a legitimate gaming platform that sells games.
  • Out of place: I'll continue to use the example above. store.steampowered.com is the website of the gaming platform where you would buy video games. It would make sense for a promotion to take place there. The malicious link, steanmconmnunmity (deciphered to steamcommunity), implies that the link leads to the store's community section, where customers, developers, and employees may communicate about specific games, experiences, or concerns. A link to a community forum would not make sense if a promotion was being offered to you. Many other phishing links will likewise be misspelled to trick your brain into thinking they are for a specific legitimate site.
5. Bonus (professionalism): You've reached out to the person providing the possibly malicious offer and they've responded. Now you are convinced they are not a bot (program) just spamming channels. A real promoter or employee of said associated company will have a level of professionalism. For scammers, hackers, or phishers, professionalism often goes out the door. They will try to pressure you into visiting their site, offer to collect information to complete the offer for you, get mad at you, or in some cases begin to tell you off and offend you. 
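
For moderators who want to automate the link checks from point 4, here is a sketch that flags shortener hosts and domain names within a few character edits of a trusted one. It is an added example, not part of the original post; the allowlist, the shortener list, the one-third edit threshold and the `.example` test link are assumptions made for the illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: domains this server's members legitimately link to.
TRUSTED = {"steampowered.com", "steamcommunity.com", "discord.com", "amazon.com"}
# Assumption: shortener hosts to hold for review; a.co is the Amazon one quoted above.
SHORTENERS = {"a.co", "bit.ly", "tinyurl.com"}
URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> tuple[str, str]:
    """Return (verdict, detail) for one link."""
    host = (urlparse(url).hostname or "").rstrip(".")
    if host in SHORTENERS:
        return ("shortener", host)
    # Naive registrable domain (last two labels); production code should
    # consult the Public Suffix List instead.
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return ("trusted", domain)
    # Compare the name without its TLD and without trailing digits or hyphens.
    name = domain.split(".")[0].rstrip("0123456789-")
    close = []
    for good in TRUSTED:
        good_name = good.split(".")[0]
        dist = edit_distance(name, good_name)
        if dist <= len(good_name) // 3:  # tolerate edits up to a third of the name
            close.append((dist, good))
    if close:
        return ("lookalike", min(close)[1])
    return ("unknown", domain)


def scan_message(text: str) -> list[tuple[str, str, str]]:
    """Classify every link in a chat message; return the ones that are not trusted."""
    results = [(url, *classify(url)) for url in URL_RE.findall(text)]
    return [r for r in results if r[1] != "trusted"]
```

A "lookalike" or "shortener" verdict is a reason to hold the message for a human moderator, not proof of phishing; an "unknown" verdict only means the domain is not on the allowlist.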

What should I do if I get a phisher or scammer in my Discord?

For starters, whatever you do, DO NOT click on that link. Not only will they attempt to retrieve your information, you can leave yourself open to harmful malware or viruses. If you are a member of the server, there isn't much you can do other than leave the link alone and inform a moderator or the owner of the server. You can personally block the person but it won't protect the rest of the people in that server. 

You can block anyone! Here's how: 

PC/browser instructions: Go into the server 🠞 looking to the right side where all members are 🠞 right click the suspicious user 🠞 click on block (3rd selection from the bottom). 

Cell phone/portable device Instructions: Enter the server 🠞 swipe left 🠞 then swipe left again to get to the member list 🠞 tap the suspicious user 🠞 tap the 3 dots on the top right of the profile 🠞 tap block 

Block someone in a Direct Message (DM): Click on the top left which is usually all your direct messages 🠞 right click the suspicious user that messaged you 🠞 click on block (2nd selection from the bottom). 

If you are the server owner or a moderator (mod) then you want to ban this person from your server. If they reach out to you through a direct message (DM) then it would probably be best to block them as well. 

Here's how to ban someone from your server: Go into the server 🠞 looking to the right side where all members are 🠞 right click the suspicious user 🠞 click on ban (3rd selection from the bottom). 

At the end of the day

This entire post is not limited to Discord and can be applied to any chat program, e-mail, text message, phone call, or even games! If it sounds too good to be true, it often is. It's best to know what to look for, as mentioned! Safe interneting, everyone!
