Discord: The new cybercrime brewing pot

In light of recent events, Discord has been brought back into the media spotlight as classified documents were leaked on a small server.

https://discord.com/safety/our-response-to-the-pentagon-leaks

It’s no secret that Discord has been the center of attention multiple times for phishing, scams and data leaks.

https://threatpost.com/scammers-target-nft-discord-channel/179827/

But what most do not see is the prevalence of cybercrime and illegal activity housed on small Discord servers, hidden in plain sight.

Enter Disboard

Disboard is a popular Discord server listing website, where users can find servers tailored to their interests by searching through tags or keywords.

On the surface, most servers seem to be innocent enough; you’ll find servers ranging from gaming communities and art, to homework help and creator spaces.

But beneath all the niche and interesting communities, you’ll find servers that are home to cybercriminals, fraudsters and black hats, hidden behind codewords.

Down the rabbit hole

The servers you see above are home to criminals sharing techniques and data regarding:-

  • Credit card fraud
  • Phishing
  • Scams
  • Doxxing

And a multitude of other illegal activities.

To a passerby, these servers look like just another small community, but someone familiar enough will notice the use of words such as:-

  • Swiping, carding, ccs — tied to credit card fraud
  • Methods — illegal income schemes, often by defrauding
  • Dumps — data leaks

Reporting Servers

To report suspicious servers, you can follow this guide by Discord. In addition, you can report servers directly on sites they’re listed on.

Common attacks on Discord

IP Grabbing

Attackers will often use sites such as Canarytokens to generate IP-grabber links, and then send them directly in a message or through a compromised account.

http://canarytokens.com/images/fakeurl/contact.php

Once victims open these links, attackers get a notification via e-mail or a webhook that contains the victim’s IP address, details about their user agent and browser, and whether the request came from a known Tor exit node.

Often, attackers will hide the link by using a URL shortening service such as ShortURL or bitly.

If you receive a shortened link, a good way to check what’s hidden behind it is to use unshorten.it.

The end-goal of this is to collect more information about victims to “dox” them, revealing their true identity and personal information.
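As an added example (not from the original post), here is a minimal unshortener that resolves a link one hop at a time and stops before contacting the final destination, so the check itself does not hand your IP address to a grabber. The shortener host list and the sample URLs are assumptions constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit, urljoin

# Assumption: shortener hosts we are willing to contact (extend as needed).
SHORTENERS = {"bit.ly", "shorturl.at", "tinyurl.com"}

def head_location(url):
    """One HEAD request, no redirect following; returns Location or None."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=5)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()

def unshorten(url, fetch=head_location, max_hops=5):
    """Follow shortener hops only; return the chain without ever
    requesting the first non-shortener URL (the possible IP grabber)."""
    chain = [url]
    for _ in range(max_hops):
        host = (urlsplit(url).hostname or "").lower()
        if host not in SHORTENERS:
            break                      # destination reached: do not contact it
        location = fetch(url)
        if not location:
            break                      # shortener returned no redirect
        url = urljoin(url, location)   # Location may be relative
        chain.append(url)
    return chain

# Constructed redirect table standing in for the network (sample URLs only).
SAMPLE = {
    "https://bit.ly/abc123": "https://shorturl.at/xyz",
    "https://shorturl.at/xyz": "http://tracker.example/images/contact.php",
}
contacted = []

def sample_fetch(url):
    contacted.append(url)
    return SAMPLE.get(url)

if __name__ == "__main__":
    print(" -> ".join(unshorten("https://bit.ly/abc123", fetch=sample_fetch)))
    print("hosts contacted:", contacted)
```

With the default `fetch`, each request still reveals your IP address to the shortening service itself, only not to the site the link finally points at.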

QR Code login

Discord has a nifty feature where you can sign into a new device by scanning the QR code on Discord’s login page using the Discord application (provided you’re logged in there).

This is a nice feature that’s easy to use and saves time. However, attackers are exploiting it, most commonly by blocking access to a server until a user has “verified” their account by scanning a provided QR code. Scanning that code approves a login on the attacker’s device rather than verifying anything.

Taken from No Text To Speech’s YouTube video “Discord, this is Awful

Using Discord safely

Thankfully, Discord has been proactive about preventing cybercrime, account compromise and illegal activity.

Here are some resources by Discord:-
