Discord scams that can steal your data

What are Discord scams?

Discord scams are fraudulent actions related to or performed through the Discord platform. These scams target Discord users to try to access their accounts or capture their personal information. Scammers can also target server owners and attempt to take over servers or nuke them maliciously.

Generally, scammers will use direct messages to send malicious links and files to server members. If you follow these links, they could compromise your Discord account or affect the files on your local system. Scammers could be after money, personal information, or access to accounts and servers for malicious reasons.

How do Discord scams work?

Most Discord scams involve deceiving users into clicking links, scanning QR codes, or logging in to off-site locations. The most common types of fraud use direct messages to contact users. These DMs may come from bots or other users, and both groups may even masquerade as your contacts, having gotten into your friends’ address books or gained full access to their accounts.

For the most part, Discord scams are confidence schemes. They rely on you to trust links sent to you by people you know or play to your desires by offering you exclusive opportunities. However, it’s important to maintain a healthy level of suspicion when using Discord or any other platform.

If you receive a DM from someone you don’t know, you can easily check if they’re on the same server as you. If not, and if they’re not a friend of a friend, they’re often likely to be contacting you for malicious reasons. If they’ve sent you links, QR codes, or offers of gifts, opportunities, or free things, you have to consider why a stranger might be motivated to do so. Likely, their reasons are not altruistic.

The most popular Discord scams

Here are the most common Discord scams you should be aware of:

• 1. Fake games, programs, and downloads
• 2. Fake giveaways/NFT drops
• 3. Discord impersonation
• 4. Free Nitro scams
• 5. Nitro phishing emails
• 6. Crypto scams
• 7. Discord-Steam scams

Discord users can share large files, which often include games and experimental code. Scammers may send Discord malware as file transfers or, more likely, send links for you to click on or QR codes to scan. These links and QR codes take you to malicious websites that may infect your device with malware or ask you to log in to Discord so scammers can steal your password and take over your account. Remember that these messages could come from strangers but could just as easily come from friends’ accounts that have already been hacked.

If you get an unsolicited message offering you free giveaways or NFT drops, it’s unlikely they are authentic. While servers might use giveaways to attract users, they won’t ever send you links that take you outside of the Discord ecosystem. Similarly, you might be lured to sign up for a website with the promise of a free NFT. Be aware, however, that anything that takes you to a third-party site and asks for sign-up is likely to be fraudulent, and you should always think twice about these offers.

One of the sneakiest scams is the impersonation of Discord staff and system support bots. These typically involve users or bots masquerading as Hypesquad and partner program members or inviting you to join these programs, which give lots of rewards. These scams normally ask you to share your personally identifiable information to sign up. To avoid falling prey to them, look for the blue-purple SYSTEM tag next to their name. The “Reply” space will also be blocked by a banner, so if you can reply to the message, it’s not authentic.

Nitro gives you access to bigger downloads and other special features. When someone offers you a free Nitro subscription, you should be suspicious and consider why this person would want to give you a gift they would have to pay for.

Not all Discord scams come through Discord DMs. Nitro phishing emails come to your email inbox and tout free subscriptions to the Nitro service. However, most of these emails are designed for identity theft. They’ll ask you to click on malicious links that will take you to fake sign-up pages where your login details and other personal information will be stolen. If you fall for this scam, it’s important to know what to do if you click on a phishing link.

If you’re a member of a server focused on cryptocurrency, you may be targeted by crypto scams. These schemes involve contacting you by DM or email and inviting you to sign up for new crypto exchanges or discussion groups. They dangle the carrot of free crypto for signing up in front of your nose, but they’re after your personal information, which they can sell to the highest bidder. Never give your crypto wallet details away under any circumstances. No matter how much free crypto is being offered, remember the saying that nothing is free.

As the world’s biggest gaming marketplace, Steam is a popular place for Discord users, many of whom have accounts with both services. In a Steam Discord scam, users may receive unsolicited messages from either service suggesting they link their accounts to receive free promotions like Nitro or free game trials. All you need to do is click on a link to sign up or input your information — but you won’t receive a free prize. Instead, scammers will steal your information and compromise your accounts.

How to protect your Discord account

Despite the prevalence of scams on Discord, the group-chat app continues to combat malicious actors on its platform. Every quarter, the platform bans over 100,000 accounts, many due to unsolicited content and illegal activities.

While the platform works to protect you, you can also take these 12 steps to increase your Discord safety:

• Enable 2FA: Using 2FA or two-factor authentication can keep your account safe even if your password is compromised. You can do this by going to your account settings and selecting “Enable two-factor auth.”
• Use a strong password: Strong and unique passwords don’t include your real name, username, birthdate, or easy-to-guess strings of numbers. Create a long password, use numbers, letters, and symbols.
• Protect your password and token: Never share your password with anyone, even someone claiming to be a Discord representative. They will never ask you for your login details. Likewise, keep your token secure and never share it. It’s better not to even access your token unless it’s necessary.
• Learn to recognize real Discord system messages: When real Discord staff contact you, they’ll have the SYSTEM badge in the member list, not “Bot” or “Verified.” You also can’t reply to system messages because the input box is always blocked.
• Don’t click on suspicious links: The most common scams on Discord involve sending links to websites or downloads. If you can’t be 100% sure who sent the message and why, don’t click on any links. They could infect your system with malware or take you to phishing sites that steal your personal information.
• Don’t scan suspicious QR codes: Like links, you should never scan QR codes you don’t trust. These could also introduce malware onto your device and even take control of your account.
• Leave old servers: If you joined a server a long time ago and no longer participate in it, consider leaving. To do so, simply find the server you want to leave from the sidebar at the left. Select the server name to open a dropdown menu, then select “Leave server.” Taking yourself away from old servers means your information is available in fewer places, making you a target for fewer scammers.
• Limit friend requests: In your settings, you can choose “Who can add you as a friend.” Your choices include “Everyone,” “Friends of friends,” or “Server members.” Choosing one of the latter two settings can keep many scammers away by blocking their friend requests.
• Limit DMs: Normally, anyone you’re on a server with can DM you. To limit the chances you’ll be sent malicious messages, click “Privacy settings” on any server’s dropdown list and turn off the “Allow direct messages from server members” setting. You can get further protection by turning on the “DM spam filter.” Choose “Filter direct messages from non-friends” or “Filter all direct messages” to keep messages that may contain spam out of your inbox.
• Block suspicious users: If you don’t know a user, and they have no connection to you, your friends, or the servers you’re on, you can easily block them. Do this by finding their name, clicking on the three dots to the side of the screen, and then clicking “Block.” Blocking them will make them unable to DM you, limiting the chances you’ll be drawn into a fraudulent scheme.
• Report suspicious activity: If you receive a message that you feel is suspicious and most likely from a scammer, you shouldn’t hesitate to report it. Tap and hold the offending message on a mobile device or right-click it on a desktop. A menu will pop up, and you can select “Report message.” You’ll next be asked to select the type of abuse and then describe the issue. You can also report phishing and other suspicious user behaviors by emailing abuse@discordapp.com.
• Use a VPN: If you use a VPN to connect to Discord, you’ll get extra protection from malicious actors. The VPN prevents access to your real IP address and adds an extra layer of protection against scammers on this platform. It may also include extra features like anti-phishing software. For example, NordVPN’s Threat Protection Pro can detect and block phishing attempts.

What can you do if you get scammed on Discord?

If you have fallen victim to a scam on Discord, you should report it as quickly as possible to limit the damage that could be done to your account and personal information as well as that of your contacts. They may be targeted next through your account to help disarm them. Here are some steps to take if you think you’ve been a victim of a scammer:

• Report the scammer: You can report phishing scams and other abuses to Discord directly. Tap and hold or right-click on a message until a menu pops up, and then select “Report message” to flag a scammer’s DM. Select “Report user profile” from the three-dot menu next to the user’s profile to send Discord. You can also report a scam by sending an email with relevant information and evidence to abuse@discord.com.
• Change your passwords: If you feel that your account may have been compromised by you revealing your password or token to malicious actors, you should hurry to change your password. This step will change your token immediately and limit a scammer’s ability to use your account to defraud others.
• Message your contacts: If someone has possibly gained access to your account or other personal information, it’s a good idea to warn your contacts.

Security tips for Discord server owners and mods

If you’re a server owner or moderator, you have an increased need for security. Malicious actors may want to nuke your server or kick out all members. Worse, as a supposed moderator or owner, they might abuse your reputation to pull more victims into their scams. Here are some ways to increase security for your server:

• Use 2FA: Once you activate 2FA on your account, you can also require all your moderators and admins to use 2FA.
• Set up roles and permissions carefully: Only give trusted mods, bots, and other users roles that give them power in your server. Set up permissions for these roles and be thoughtful about what activities each role needs to be able to perform, like kicking out and banning members.
• Limit server invites and user numbers: By using invites, you can reduce the number of accounts that join your server. While invites limit user numbers, they also help restrict access to spam and scam accounts.
• Set a verification level: Setting verification restricts who can send messages on your server. High-level verification requires users to have been members for more than ten minutes, and the highest level requires a verified phone number. These requirements can be significant deterrents to spammers and scammers.