My team and I feel like this needs to be said unfortunately… But we would like to keep everyone up to date on what’s going on. June 25th many Discord users received a random DM from random users regarding free Discord Nitro which required you to login in order redeem (screenshot down below to see what it looks like.) when you clicked on the link it took you to a fake login page that looked exactly like Discord’s login page This is called a Phishing Attack which is a away to gain unauthorized access to someones account and to steal it.
How can I protect myself from it?
This is a good question! make sure you have Two Factor Authentication enabled! having Two Factor Authentication is an amazing tool to help protect from account breaches. Discord offers two ways of Two Factor Authentication, You can use either your phone number and receive text messages with your codes or you can use Authy. one other step! This one is the golden rule of the Internet! If you don’t know the person and don’t click on any links, especially when you don’t know what the link is. Make sure you report it to Discord’s Trust and Safety Team or by email at [email protected]
What will happen if I click on Random links?
This is a good question! When people click on links, especially on Phishing links. When you click on Phishing links it will direct you to a “login form” where from there you enter your email and password and the attacker’s server collects your personal login information. From there the attacker can export the data and copy and paste it into a .txt file and can publish it online for everyone on the internet to see like they did to some Discord users. (example pictures down below.)
Discord has responded to the incident over on Reddit Stating pretty much not to click on random links, but will embed the response to make it easer!
Be sure to take account security safe. Make sure you don’t reuse your password that’s already used for another service. Don’t click on random Links especially when you don’t know who it is or don’t know anything about the site. We suggest you use a password manager like Lastpass or 1password.