Admin Login Token Phishing
Phishing attacks on Discord login tokens of staff accounts.
Changing a Discord account password invalidates previous login tokens.
Threat Description
A Discord login token is a string of characters that represents the username and password for an account, making it similar to the private key or seed phrase of a wallet. Discord tokens allow logins that bypass two-factor authentication (2FA). Examples of common phishing scams for Discord login tokens:
Fake Discord Nitro gifts or other trojan horse-like packages that lead users to fraudulent browser-based Discord login pages
Social-engineering techniques that mislead users into sharing the information (text/screen-share)
Malicious files (fake images/movies/audio, .pdf, .doc, etc.)
Tricking users into dragging a bookmarklet on a webpage
Tricking users into scanning a fraudulent QR code
Whether it's under the guise of a collaboration, or inquiries for employment and/or services, the end result is the same. The admin was compromised by clicking a link, downloading a malicious file, and/or voluntarily handing over their private key.
Prevention
Adhere strictly to closed DM policies and use auto-mod tools to prevent malicious links from landing in ticket channels and the server
Never screen share with anyone
Never download files through Discord
Never follow instructions to bookmark or click and drag a bookmarklet
Never scan a QR code
Never use an Administrator account to visit other Discords
Have all bot websites/docs, tooling, and frequented websites bookmarked and/or memorized and make it a practice to manually visit those services instead of trusting links sent by others
Consider trust-less systems for collaborations whenever possible and do NOT have Administrators or users with high-risk permissions handling collaborations/partnerships
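An added example (not from the original page or from any Discord tooling) of the link check an auto-mod rule could apply to the lures listed above: it holds bookmarklet links and any URL whose real host is not on a staff-vetted allowlist. The allowlist contents, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts vetted by server staff; adjust per server.
ALLOWED_HOSTS = {"discord.com", "discord.gg", "discord.gift", "discordapp.com"}
# Brand words a phishing host borrows to look official.
BRAND_WORDS = ("discord", "nitro")
LINK_RE = re.compile(r"\b(?:https?://|javascript:)\S+", re.IGNORECASE)

def host_allowed(host):
    """True for an allowlisted host or a true subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)

def classify_link(link):
    """Return a hold reason for one link, or None if it may pass."""
    if link.lower().startswith("javascript:"):
        return "bookmarklet"
    try:
        parts = urlsplit(link.rstrip(").,>"))  # drop trailing punctuation
    except ValueError:
        return "unparseable"
    host = (parts.hostname or "").rstrip(".")
    if "@" in parts.netloc:
        return "userinfo-in-url"  # text before '@' is not the real host
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "idn-host"  # possible homograph of an official name
    if host_allowed(host):
        return None
    if any(word in host for word in BRAND_WORDS):
        return "lookalike-host"
    return "unlisted-host"

def review_message(text):
    """Return (link, reason) pairs an auto-mod rule should hold for staff."""
    pairs = ((link, classify_link(link)) for link in LINK_RE.findall(text))
    return [(link, why) for link, why in pairs if why]

# Constructed sample messages (not real traffic).
SAMPLES = [
    "Docs are at https://support.discord.com/hc",
    "Free Nitro! https://discord.com.gift-claim.example/login",
    "Collab form: https://discord.com@forms.example/apply",
    "Drag this to your bookmarks bar: javascript:void(0)",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(review_message(msg) or "pass", "<-", msg)
```

Matching on the parsed host rather than on the visible text is what catches the second and third samples, where `discord.com` appears in the URL but is not the host the browser would contact.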
How to Respond to Attack
Immediately change the password of the compromised account; this will invalidate the previous login tokens. Also set up a fresh email address and change the account's email to it.