July 3

How To Avoid Discord Scams

You're hanging out in that random voice call with your friends talking about whether cats would enjoy eating tacos. And then you see it in your DMs or a public chat section:

You've won free nitro! (not)

Oh my god! I won something! Not likely. This is a scam designed to steal your personal information. These links will often emphasize the urgency of acting fast before it expires. In reality, what they want is you to click the link without reading it. Why would that matter? Scam links are often designed to look legitimate. They might include images that display stolen from Discord, and they often mimic the look of official Discord Nitro Links. For instance, if discord.gift/rAnD0mC0dEis a legitimate code, a scam link might look like dlscord.gift/rAnD0mC0dE.

How does it work?

After clicking the scam link, you'll likely be brought to a page to login to claim the fake nitro. In reality you will be handing over your details to the scammer on a page that looks similar to Discord upon first glance. There might be links that take advantage of logging your IP address, which can give away your internet provider location and device specifications. Clicking a link could give consent to downloading a malicious file to your device. A fake nitro link is only one form of this scam. Others include:

  • Leaving steam and giving away items
  • Random requests to beta test games
  • Invitations to join a secret or limited availability Discord Server [HypeSquad, Moderator Programs, Programming Servers, etc.]
  • Accusing you of wrong doing in another server and immediately blocking you [normally used to guilt you into joining a scam server and bait you for login information.]

A legitimate nitro code will always contain discord.gift/. Nothing will be added to the link, nothing removed. A legitimate link will also contain https://, nothttp://.

A legitimate program invite will always be either a message from a Discord ✔️ System, or a message from a Discord Employee 🛠️. If they do not have a staff badge on their profile, or it is not a system message, it is not real.

Discord system message
Discord employee badge

The simplest way to protect yourself is read the messages carefully. Ask yourself if you can trust this person based on their reputation and message history in mutual servers, their social media presence, or their conduct. When you don't have logical assumptions on their intent, don't click the link, and this includes people you know. Why can't you trust people you know? Because people you know might one day say this:

I clicked the phishing link! What do I do!?

If you are somehow still logged into your account, change your password and enable two factor authentication if possible. If your Discord account is compromised, you should file a report with support, as they have tools to assist you. These concepts apply to other communities such as Steam as well. The links below apply for Discord:

Often times the accounts that are compromised will send out scam links to others. If you were hacked, you should make the effort to check your DM history and try to give warnings to users sent scam links, and to the servers you were in. You may also have been banned in communities the hacker sent scam links in order to protect others. That means that the account that sent you a scam link could be from a regular user's hacked account, not a scammers account. Reporting these issues besides helping yourself, will help others who have been hacked.