With the increasing popularity of Discord in recent years, there has also been a major increase in cybercriminals looking to swindle Discord users out of their money or valuable personal/sensitive information.
In this guide, we will discuss all you need to know about Discord scams, how to protect yourself and your brand from them, and how to report these scams to mitigate the damage and prevent them from happening to others.
Before we actually discuss how to stop and mitigate these Discord scams, let us begin by discussing the different types of fraudulent activities and scams on Discord.
Even if Discord can be considered a relatively simple platform when compared to other social media platforms, there are many different technologies and methods cybercriminals can leverage to launch dangerous scams on Discord.
Here are the most prominent types of scams on Discord:
1. Spreading malicious links
Dangerous links are unfortunately very common on Discord and can be sent by scammers or by compromised legitimate accounts.
There are many different ways scammers can take advantage of these malicious links, but typically it’s either to launch a phishing scheme or to infect users with malware (including ransomware).
With that being said, it’s very important to always be careful before clicking on any links and URLs on any Discord servers.
A common scheme is for the scammer to offer something valuable together with the link (e.g., claiming the link will point to a free game download or an interesting video). It’s always better to be reasonably suspicious, and you should not click any link until you’ve verified that the sender is a trusted user.
Another option you can take is to copy-paste the link to URL checker sites like ScanURL to verify the validity of the link.
If you’re sure a user has sent you a malicious link, and especially if they’ve done it multiple times, it’s best to take action and report them to Discord as soon as possible.
2. Fraudulent giveaways
There are a lot of legitimate giveaways on Discord servers, and this is why many scammers often take advantage of Discord users’ familiarity with giveaways by hosting fake versions of them.
Typically these fake giveaways are combined with phishing techniques to trick users into divulging their personal or sensitive information. The scammer will typically provide a link, claiming that it will allow users to claim their prize.
In reality, however, these links will typically lead to a phishing website and probably will also infect the users with malware.
A common technique is for the scammer to claim that the giveaway comes from a well-known company. In such cases, try messaging the alleged company on their official Discord channel or other social media profiles. You can also forward a screenshot of these claims to confirm whether the giveaway is indeed legitimate.
3. Nitro scams
If you are not familiar with it, Nitro is the name of Discord’s premium plan (like Amazon’s Prime), giving users extra features like additional stickers and emojis and the ability to use animated avatars, among others. At the moment, Nitro costs $9.99/month or $99.99/year if you are going to pay annually.
Due to the popularity of Discord, obviously, a large number of users would like a free Nitro membership, and this is where the fraudsters come in.
Typically, this type of scam involves the fraudster (sometimes with the help of a bot) spamming Discord servers with links to this alleged free Nitro, which lead to a phishing website. This type of scam can also result in the user’s account being compromised and then used to spam more fake free Nitro links, making this scam more dangerous since now the spam is coming from a (compromised) trusted user on the server.
4. Crypto and NFT-related scams
With the increasing popularity of cryptocurrencies and NFTs in recent years, especially among the younger demographics that frequently use Discord, scammers have been actively targeting Discord channels with crypto and NFT-related scams.
Scammers may impersonate legitimate Discord users, pose as crypto experts or insiders, or even build relationships first (e.g., catfishing) before attempting to convince the Discord user to invest in crypto schemes, promising huge returns.
As a general rule of thumb, you should ignore and avoid any crypto and NFT-related messages on Discord unless you are on servers with crypto and/or NFT as the topic. Even then, if you feel a scheme is attractive and seemingly legitimate, make sure to research the investment as much as you can before sending any money or divulging your personal information.
Always be reasonably cautious with your money and your sensitive information at all times.
5. Impersonating a Discord representative
Another common technique employed by fraudsters on Discord is impersonating a Discord representative or partner in an attempt to trick users into divulging their personal or sensitive information, or into sending money directly to the fraudster.
Typically, when a fraudster messages users from a fake “official” Discord account, the message will include an attractive offer (e.g., free Nitro, an opportunity to join a limited community, etc.), followed by a malicious link as part of the scam (for phishing or spreading malware).
The official Discord channel often messages users, so you shouldn’t confuse the official channel with fake ones, and you should be able to recognize what an official message looks like. When you receive messages from those claiming to be representatives, compare the message to those coming from the official channel.
While completely protecting yourself from Discord scams can be quite challenging due to the wide variety of scams performed by fraudsters, it is definitely possible and doesn’t have to be complicated.
Here are some simple but effective best practices you can follow to protect yourself and your brand from various types of fraud attempts on Discord:
A very important best practice to follow during your activities on Discord is to never download and run any software or applications unless you are 100% sure about the credibility of the source.
In most cases, when a Discord user offers a download link for a program with “special features,” “early BETA,” or other reasons that are seemingly too good to be true, they are misleading you in order to infect your device with malicious software or to trick you into submitting your credentials/personal information to this fake program.
Downloading and running software from an untrusted source is almost never recommended. Even if the program ends up being legitimate, the value might not be worth the risks.
Similar principle to the above: don’t click on anything from untrusted sources.
A massive number of security issues on Discord stem from users clicking on links instinctively before they even know whether the link comes from a legitimate source. Don’t make this mistake.
Instead, make sure to always double-check on any link before you click on it. Again, there are various sites that can help you check the validity of the link, so use them to your advantage.
Fortunately, Discord is actively monitoring these malicious links with its automated algorithm that is continuously being improved. However, it’s always better to be safe than sorry and to protect yourself with cybersecurity best practices rather than relying solely on Discord’s initiatives.
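As an added illustration of the link checks described above (this is example code, not part of the original guide and not a Discord tool), the sketch below classifies every URL in a chat message before anyone opens it. The allowlist of Discord-owned domains, the brand-word and character-swap lists, and the `.example` sample hosts are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Assumption: a short allowlist of Discord-owned domains; confirm it against
# Discord's own documentation before relying on it.
OFFICIAL = {"discord.com", "discord.gg", "discord.gift", "discordapp.com"}
BRAND_WORDS = ("discord", "nitro")
# Constructed list of character swaps seen in lookalike hostnames.
CONFUSABLES = str.maketrans(
    {"0": "o", "1": "i", "l": "i", "3": "e", "5": "s", "-": ""})
URL_RE = re.compile(r"https?://[^\s<>()]+", re.IGNORECASE)

# Constructed sample message; the .example hosts are reserved placeholders.
SAMPLE = (
    "FREE NITRO for 3 months!! https://disc0rd-nitro.example/claim "
    "real gift: https://discord.gift/abc123 "
    "verify here: https://discord.com@login.example/verify"
)


def registrable(host):
    """Naive last-two-labels guess; real tooling should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def classify(url):
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    if parts.username is not None:  # "discord.com@other.host" style links
        return "suspicious: text before @ is not the host"
    if registrable(host) in OFFICIAL:
        return "official domain"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious: punycode hostname"
    if any(word in host.translate(CONFUSABLES) for word in BRAND_WORDS):
        return "suspicious: brand name on unofficial domain"
    return "unknown: verify the sender first"


def triage(message):
    """Map every URL found in a chat message to its classification."""
    return {url: classify(url) for url in URL_RE.findall(message)}


if __name__ == "__main__":
    for url, verdict in triage(SAMPLE).items():
        print(f"{verdict:45} {url}")
```

An "official domain" verdict only says the host belongs to the allowlist; an "unknown" verdict still calls for the sender and URL checks described above.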
One of the best ways to prevent scams and fraud on Discord is actually pretty simple: disable your DMs.
Fortunately, Discord provides the ability to disable or enable receiving DMs on servers you’ve just joined. This way, you can prevent unknown users from DMing you, unless you’ve already friended them.
To configure who can and can’t send you DMs, simply go to User Settings, then Privacy & Safety, scroll down to Server Privacy Defaults, and you should be able to find Allow direct messages from server members. Toggle it on or off as you see fit.
If you toggle this option off, members of this server can’t send you DMs, unless you’re already friends with them beforehand. Keep in mind, however, that this setting should only apply to servers joined after you’ve turned on or off the toggle and not the servers you’ve joined before.
Configuring this setting is especially important if you frequently join new communities.
Never share your Discord account’s password (or any of your passwords at all) during Discord chats. Remember that sharing your account’s credentials with others will not only give away access to the tied account but also will divulge the personal and sensitive information you have within this account.
If you are a Discord server owner, make sure to regularly update your invite links to prevent unwanted scammers from joining the server.
However, when you update your server’s invite link, make sure to communicate it to your community and update your social media profiles.
It’s also important to implement clear (but easy to follow) server policies regarding invite sharing and to educate your members to always double-check any server invites and the source before clicking the link.
Another key consideration for server owners is to audit their server’s permissions. Make sure to double-check your permission list to see which moderators and/or members have access to important permissions, and also check whether any member or mod who should have a specific permission has not been given it yet.
In general, make sure that only trusted moderators with proven credibility have access to important permissions that can significantly affect the server.
On the other hand, if you add any bots and/or webhooks to your server, only give them permissions that are required for their tasks and nothing more.
You may want to refer to Discord’s guidelines for permissions to make sure you set up the right permissions for your mods, users, and even bots.
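The permission audit described above can be scripted. The following added example (not from the original guide) decodes role permission bitfields and reports grants that break least privilege; the bit positions follow Discord's published permission flags, while the role list, the `TRUSTED` set and the `BOT_NEEDS` mapping are constructed, hypothetical inputs.

```python
# Bit positions follow Discord's published permission flags.
SENSITIVE = {
    "KICK_MEMBERS": 1 << 1,
    "BAN_MEMBERS": 1 << 2,
    "ADMINISTRATOR": 1 << 3,
    "MANAGE_CHANNELS": 1 << 4,
    "MANAGE_GUILD": 1 << 5,
    "MANAGE_MESSAGES": 1 << 13,
    "MENTION_EVERYONE": 1 << 17,
    "MANAGE_ROLES": 1 << 28,
    "MANAGE_WEBHOOKS": 1 << 29,
}


def decode(bits):
    """Return the sensitive permission names set in a role's bitfield."""
    return {name for name, flag in SENSITIVE.items() if int(bits) & flag}


def audit(roles, trusted, bot_needs):
    """List (role, reason, permissions) for grants that break least privilege."""
    findings = []
    for role in roles:
        name, held = role["name"], decode(role["permissions"])
        if role.get("managed"):  # role owned by a bot or integration
            extra = held - bot_needs.get(name, set())
            if extra:
                findings.append((name, "bot exceeds declared needs", sorted(extra)))
        elif name == "@everyone" and held:
            findings.append((name, "default role is privileged", sorted(held)))
        elif held and name not in trusted:
            findings.append((name, "untrusted role is privileged", sorted(held)))
    return findings


# Constructed sample shaped like Discord role objects (name, permissions, managed).
ROLES = [
    {"name": "@everyone", "permissions": str(1 << 10 | 1 << 11 | 1 << 17), "managed": False},
    {"name": "Moderator", "permissions": str(1 << 1 | 1 << 2 | 1 << 13), "managed": False},
    {"name": "Helper", "permissions": str(1 << 11 | 1 << 28), "managed": False},
    {"name": "GiveawayBot", "permissions": str(1 << 3), "managed": True},
]
TRUSTED = {"Moderator"}              # hypothetical: roles vetted by the owner
BOT_NEEDS = {"GiveawayBot": set()}   # hypothetical: this bot only posts messages

if __name__ == "__main__":
    for name, reason, perms in audit(ROLES, TRUSTED, BOT_NEEDS):
        print(f"{name}: {reason}: {', '.join(perms)}")
```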
For Discord server owners and moderators:
For any other users:
By following the actionable tips and Discord safety checklist we’ve shared above, you now have a solid foundation to protect yourself and your business from various forms of Discord scams, especially phishing attempts, but also other types of malicious attacks on Discord.
However, keep in mind that despite the popularity of Discord, it is only a small part of the whole internet ecosystem, and you still need to protect your online presence on other platforms. If you have a business and are currently trying to leverage Discord as part of your marketing initiatives, it’s best to invest in comprehensive Brand Protection Software to protect your brand from infringements on Discord and other social networks.