Other Discord security advice

[Scarface]

Discord security advice

---

 

Since server raiding and scam links are increasing, we are also increasing the security into our Discord server

 

Terminology

 

‘Raid’ ‘Raider’ - A raid is where a large number of users will join a server with the express intention of causing issues for the server. A raider is an account engaging in this activity.

'Self-bot' - A self bot is an account that’s being controlled via custom code or tools. This is against Discord’s TOS. In the context of raids and moderation, these accounts are automated to spam, bypass filters or engage in other annoying activities.

'Phishing scam link' - Phishing scam link is a fraudulent ("spoofed") message/link sent by an attacker to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware. 

 

 

How do detect malicious links ?

 

First of all, never click on links that are send from people that are untrusted !

 

The most obvious way to find out if a link is a fraudulent link is to look at why the link was sent to you : 

• Someone sends you a link, do I know this person ?
• If someone sends you a link that you didn't ask for, why is that person sending it to you ?
• If someone offers you free items (giveaway/lottery) by clicking on the link, what does this person gain by giving you this items ?
• Why would an "official" discord account advertise by message and not by mail?

A person will never send you a gift without a reason, especially if you don't know them

 

It is also important to check the url, and especially the domain name !

• If a so-called official link from discord is sent to you, check that the link is from discord.com
• Check carefully the domain name. In general, characters are exchanged or are added (exemple discord => discorde, dlscord, discorb, ...)
• Check carefully the extension (suffix) of the domain name. In general, a commercial site will end with .com, if it is something else, be careful (exemple discord.com => discord.net, ...)

 

Exemple of phishing link : 

 

  

 

How to report malicious links ? 

 

1. Report the user to Staff+ members so that they ban the member from the discord server
   • Please always take a screenshot when doing the report
   • Report by private message 
   • Report by contact-us if nobody answer
2. Report the user to discord by using the report button
   • 
3. (optional) Report the link to Google without clicking on it so that when people go there, they get a warning page : https://safebrowsing.google.com/safebrowsing/report_phish/

 

What to do if I click on a malicious link ?

 

1. Change your Discord password
2. If attacker already changed your password
   1. Try to change your password with the forgotten password feature
   2. Open a ticket into Discord support : https://support.discord.com
   3. Open a contact-us so that we can block the stolen account

 

It's important to report your account to us with our contact-us because your account is trusted by other members. If your account send phishing to other members, there is more chance that they click on it since it's a "friendly" account !

 

What did Fearles Assassins added to discord to improve your security ?

 

We have added a mandatory verification system for all newcomers. When a user joins the Discord server, the user receives a message with a reCAPTCHA that must be validated.

We use for the verification : 

• Cloudflare security
  • Verify browser integrity
  • Verify that the ip is not a known bot
  • Verify that the ip is not a Tor ip
  • Avoid DDOS / website exploit
• Google reCAPTCHA
  • Verify that the user is not a bot

 

 

 

Do not hesitate to ask us questions or to send us suggestions to improve security