Originally discovered by splitsplatted on Twitter and posted on 26th of June 2019 By: Arcaxon of TSG!'s Server Mod Team
Original Thread: https://twitter.com/splitsplatted/status/1143556723266994176
A user on Twitter wrote about a "#Discord Virus", and made a whole thread explaining how it works. A few of the terms used and things explained in the thread don't use proper terminology and are a bit too alarmist. In this post we'll make sure to make things a bit clearer.
Picture By: @PhoneRebelxD
0.The Scammer's Domain in the Original Tweets Have Been Taken Offline
As of 6h40PM EST June 25th 2019 the domain shown in the screenshots is no longer in service but the lessons from this tweet will always be relevant.
It seems Discord may have sent a demand to the domain company to which the scammer registered to.
1. This is NOT a Virus
This is simply a Phishing scam where people give their usernames and passwords by being tricked into putting them into fake website's forms. A virus on the other hand is a software which is malicious and is installed from, rarely but sometimes, a hijacked app. The reason we don't want people to call things which are not viruses viruses is because it implies the software, here DiscordApp, is distributing harmful software when infact no malicious software is ever involved in this post.
2.How does it work?
This phishing scam starts with a compromised account sending you a link for "Free Nitro" or "Something interesting" as do most common phishing attempts. Simply not clicking random links people who have not talked to you prior or in a while will protect you.
The website itself is trying to pose as a legit "Discord" website by having "Discord" and Discord's usual domain extention "gg". As usual always look at a domain before clicking it, even more if it's supposedly from a recognisable company.
If you do end up clicking the link, the website will ask for your Discord Login credentials. If you do give your credentials and do not have 2FA your account will be hijacked.
Always make sure to put 2FA on any account which allows it!
3. What Should I do if I Have Been Hijacked?
Report it to Discord with your account info here: https://support.discordapp.com/hc/en-us/requests/new?ticket_form_id=360000029731
Learn more here: https://support.discordapp.com/hc/en-us/articles/360000291932-How-to-Properly-Report-Issues-to-Trust-Safety
There's a lot of good advice on the original tweet so you should definitively read it!