{"id":19522,"date":"2022-07-06T07:19:18","date_gmt":"2022-07-06T15:19:18","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/07\/06\/news-13255\/"},"modified":"2022-07-06T07:19:18","modified_gmt":"2022-07-06T15:19:18","slug":"news-13255","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/07\/06\/news-13255\/","title":{"rendered":"Discord Shame channel goes phishing"},"content":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Wed, 06 Jul 2022 15:09:03 +0000<\/strong><\/p>\n<p>A variant of a popular piece of social media fraud has <a href=\"https:\/\/piunikaweb.com\/2022\/07\/05\/discord-shaming-server-invite-scam-heres-what-you-need-to-know\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">made its way onto Discord servers<\/a>. <\/p>\n<p>Multiple people are reporting messages of an &#8220;Is this you&#8221; nature, tied to a specific Discord channel.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">is this a new discord scam or something? someone I haven\u2019t spoken to in years randomly sent me this and when I go to join the server I have verify by scanning the qr code (not happening) <a href=\"https:\/\/t.co\/b2DR4Bhk4R\">pic.twitter.com\/b2DR4Bhk4R<\/a><\/p>\n<p>&mdash; puppygoose ! <img decoding=\"async\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/13.1.0\/72x72\/2601.png\" alt=\"\u2601\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\" \/> vtuber (@puppygooose) <a href=\"https:\/\/twitter.com\/puppygooose\/status\/1543658831179284481?ref_src=twsrc%5Etfw\">July 3, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/div>\n<\/figure>\n<p>The message reads as follows:<\/p>\n<blockquote class=\"wp-block-quote\">\n<p>heyy ummm idk what happened of its really you but it was your name and the same avatar and you sent a girl erm **** stuff like what the ****? [url] check #shame and youll see. anyways until you explain what happened im blocking you. sorry if this is a misunderstanding but i do not wanna take risks with having creeps on my friendslist.<\/p>\n<\/blockquote>\n<p>The server is called Shame | Exposing | Packing | Arguments.<\/p>\n<p>Visitors to the channel are asked to log in via a QR code, and users of Discord are reporting losing access to their account after taking this step. Worse still, their now compromised account begins <a href=\"https:\/\/www.reddit.com\/r\/discordapp\/comments\/voqg5z\/should_i_just_ignore_this\/ieeqsr3\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">sending the same spam message<\/a> to their own contacts.<\/p>\n<p>Discord itself <a href=\"https:\/\/support.discord.com\/hc\/en-us\/community\/posts\/360056259612\/comments\/360008948772\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">warned users over two years ago<\/a> to only scan QR codes taken directly from their browser, and to not use codes sent by other users. Unfortunately this has been a concern for unwary Discord users for <a href=\"https:\/\/portswigger.net\/daily-swig\/discord-users-warned-over-qr-code-login-scam-that-can-result-in-pwned-accounts\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">some time now<\/a>. <\/p>\n<h2>Tips to keep your Discord account secure<\/h2>\n<ol>\n<li><strong>Enable two-factor authentication<\/strong> (2FA). While you&#8217;re <a href=\"https:\/\/support.discord.com\/hc\/en-us\/articles\/219576828-Setting-up-Two-Factor-Authentication\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">doing this<\/a>, download your backup codes too. Should you land on a regular phishing page and hand over login details, the attacker will still need your 2FA code to do anything with your account. Note: Some phishers are now stealing 2FA codes too, so this isn&#8217;t foolproof, but it is a good security step to have anyway.<\/li>\n<li><strong>Turn on server wide 2FA for channel admins<\/strong>. This means that only admins with 2FA enabled will be able to make use of their available admin powers. This should hopefully keep the channels you&#8217;re in that little bit more secure.<\/li>\n<li><strong>Use Privacy and Safety settings<\/strong>. Tick the &#8220;Keep me safe&#8221; box under &#8220;Safe direct messaging&#8221;. This means all direct messages will be scanned for age restricted content. You can also toggle &#8220;Allow direct messages from server members&#8221; to <a href=\"https:\/\/discord.com\/safety\/360043857751-Four-steps-to-a-super-safe-account\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">restrict individuals<\/a> who aren&#8217;t on your friends list.<\/li>\n<li><strong>Make use of the block and friend request features<\/strong>. You can tell Discord who, exactly, is able to send you a friend request. Choose from &#8220;Everyone&#8221;, &#8220;Friends of friends&#8221;, and &#8220;Server members&#8221;.<\/li>\n<li><strong>Report hacked and suspicious accounts<\/strong>. Pretty much every option you can think of is available in the <a href=\"https:\/\/support.discord.com\/hc\/en-us\/categories\/115000168351\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Trust &amp; Safety section<\/a> for reporting rogue accounts and bad behaviour. Individual messages can be <a href=\"https:\/\/support.discord.com\/hc\/en-us\/articles\/360000291932-How-to-Properly-Report-Issues-to-Trust-Safety\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">reported<\/a>, and you can see how bad actors are <a href=\"https:\/\/support.discord.com\/hc\/en-us\/articles\/360039598252-Protecting-Your-Data\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">prevented from scraping your user data<\/a> for nefarious purposes. Finally, a form exists for you to report <a href=\"https:\/\/dis.gd\/report\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">specific bots sending harmful links<\/a>.<\/li>\n<\/ol>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/scams\/2022\/07\/discord-shame-channel-goes-phishing\/\">Discord Shame channel goes phishing<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/scams\/2022\/07\/discord-shame-channel-goes-phishing\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Wed, 06 Jul 2022 15:09:03 +0000<\/strong><\/p>\n<p>We take a look at reports that a Discord channel is being used to scare users into handing over login credentials.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/scams\/2022\/07\/discord-shame-channel-goes-phishing\/\">Discord Shame channel goes phishing<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[13656,11539,3924,22519,10574,12046,26869,1596],"class_list":["post-19522","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-discord","tag-fake","tag-phishing","tag-qr-code","tag-scams","tag-server","tag-shame","tag-theft"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19522","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=19522"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19522\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19522"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=19522"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19522"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}