6 Best Practices For Avoiding Discord Hacks and Scams

Discord is a widely used communication platform, particularly in the Web3 ecosystem. While it’s a great way to meet new people and build communities, as with any online interaction, it’s important to protect yourself while interacting on Discord. 

As with most online spaces, Discord is a common target for online threats. Through a variety of tactics like pop-ups, phishing links, and impersonation, users can have their personal data stolen, or even worse – have their crypto wallet hacked. 

6 Best Practices For Staying Safe on Discord

Discord scams are often confidence schemes. This means that they rely on your already established trust in a brand or a person. When you land on a pop-up that looks like a brand you know, you’re primed to trust it. Other Discord scams trick users by offering “exclusive” opportunities. 

To help you stay protected, we’ve summarized 6 of the most common Discord hacks, and how to avoid them. 

1. Don’t Sign Into Discord Through Suspicious Pop-Ups

Authorization pop-ups have become a common method that phishers are using to steal access to Discord accounts. These pop-ups appear as a new window that looks like one your browser would make – but it isn’t. 

These pop-ups are typically a fake Discord verification bot page made with javascript. When you fill out the pop-up, your sensitive information is shared with the attacker.

So how can you avoid this type of phishing attack? Never sign into Discord through a pop-up that appears after clicking a link. Always navigate to Discord yourself, using your browser window or the mobile app.  

Source: Jon_HQ on Twitter https://x.com/Jon_HQ/status/1827789060422942788 

2. Never Click Unfamiliar or Unexpected Links 

If you leave Discord by clicking on a link that takes you elsewhere, it's possible that the external site can access your personal information. Of course, there will be links you receive in Discord that you’ll want to navigate to. 

To stay safe, run unfamiliar links through a checker like ChainPatrol’s Search Page to check for known phishing sites. There’s also VirusTotal. You will want to copy and paste the link into a checker – don’t click on it until the checker has confirmed it’s safe. 

You’ll want to be wary of shortened URLs, too. Run all shortened URLs through a URL expander to ensure you know exactly where you will be directed if you click. 

3. Never Download Files From People You Don't Know 

You should always be cautious of downloading files on Discord that you’ve received from someone you don’t know (or someone you think you know). Similar to unfamiliar or unexpected links, files shared through Discord can threaten the security of your data and your crypto wallet.

One of the most dangerous files you may come across on Discord is a “.exe” file. These files are designed to execute a specific function on your computer, which can lead to your data being compromised.

It’s best practice to simply never download files from people you don’t know, or barely know. Aside from this, you can leverage an antivirus program, or tools like Windows Sandbox, to scan anything you download for malware. 

4. Carefully Vet NFT Drops and Other Giveaways

NFT drops and giveaways are exciting, but they’re equally dangerous. Anything being given away for free has the potential to be a malicious online threat.

For example, in a scam NFT drop, a scammer will airdrop (ie, send) one or more NFTs to your account. The people associated with the project may be malicious and guide you to click a link.

Clicking through to that site may lead to a phishing attack that aims to collect your Secret Recovery Phrase or private key. Or, you could be prompted to sign a malicious transaction that could drain your entire wallet.

If you get an unsolicited message offering you free giveaways or NFT drops, it’s unlikely they are authentic, so it’s important to be wary. While servers do use giveaways to attract users, they won’t ever send you links that take you outside of the Discord ecosystem. 

You may be tempted to sign up for a website with the promise of a free NFT. While this could be the case, be cautious of anything that takes you to a third-party site. Always think twice about these offers.

5. Beware of Discord Impersonation

Impersonation is a Discord hack that preys on your trust of Discord staff, and system support bots. These scams typically involve users or bots that are pretending to be Hypesquad and partner program members. 

These impersonation accounts may invite you to join programs which will allegedly give lots of rewards. When you sign up, you’ll be asked to share your personally identifiable information, some of which may be very sensitive.

To avoid falling prey to impersonators on Discord, look for the blue and purple SYSTEM tag next to their name. The “Reply” space will also be blocked by a banner, so if you can reply to the message, it’s probably not authentic.

6. Update Passwords Regularly and Turn on 2FA

When using Discord it’s essential that you follow best practices for passwords, and turn on 2FA. 

Always choose a long password for Discord that uses a mix of uppercase letters, lowercase letters, and special characters that are hard to guess. This password shouldn’t be used for anything else, and it shouldn’t refer to anything about your personal life – for example, don’t use your birthday, or the name of your dog. 

It’s a good idea to update your Discord password every few months. Of course, it’s difficult to remember long and complicated passwords. Using a password manager can make creating and storing your Discord password (and other passwords) extremely easy. 

If your account’s token has been compromised, reset your password to generate a new token. Don’t ever give your account password or token to anyone, and know that Discord will never ask for this information.

Two-factor authentication (2FA) strengthens your Discord account to protect against intruders by requiring you to provide a second form of confirmation that you are the rightful account owner. For 2FA, use an authentication app (or YubiKey) versus your phone number. Phone numbers are easily hacked with a sim swap attack. 

Stay Safe When Using Discord

Scams, particularly crypto scams on Discord, can have a devastating impact. There’s the risk of your personal data that’s been stolen, and even your entire crypto wallet.

Always be cautious of communication over Discord from people you don’t know. Direct messages inviting you to sign up for new crypto exchanges, and invites to new discussion groups can be exciting – but be wary. Never give over your crypto wallet details.

Do you want to protect your brand and community from Discord hacking? Book a ChainPatrol demo to learn how we can help.