Technical Privacy and Security in Discord are simple, all you do is stay aware and know the ongoing scams. I will try to keep the article elaborative and less complicated though out — less terminology, and basic stuff, to make it easy for the larger audience.
One can try to achieve three common things from your Discord presence:
- Seize your Discord account.
- Seize your social media account(s).
- Your private information, like location, IP address etc.
This information is mostly used by the offender to blackmail or perform mischiefs masked under your identity.
Let us explore the very basic aspects
- You need a strong alpha-numeric password, which is not used on any other site and in no way related to you.
Why did I use “related to you”?
If your whole profile on discord is all about black cats, and your password is
iloveblackcats. That is not done! Please don’t make it that easy, think out of the box, and imagine the process from the hacker's perspective.
Have a look here: https://blog.avast.com/strong-password-ideas
- You need to have your Two-Factor Authentication enabled.
You get a free, extra shield to protect your account, why won’t you use it? It does make your log-in process lengthy but in exchange for security. I don’t see a reason why you shouldn’t!
- You need a decent browser and make sure, it is updated. Chrome is a balanced browser.
- Tweak your privacy settings to make them as strict as possible.
Password breaches on discord are not that common, because breaching a password needs a lot of effort, and all that for a single person is just not worth it unless you are some very influential person.
Be sceptical of links and files shared in Discord:
Case 1: If your closest friend on discord is sending a sudden promotional offer or a discord nitro link or something sort, look at the link slowly and carefully and take your time to analyse what it is.
This is not your reaction test, you have your time, mostly this is going to come out as a “scam through DMS” and your friend is probably hacked.
Case 2: Scammers often make websites with the domain being very close to a popular or trending site, just to catch the attention of the viewers. Such a site will somehow convince you to log in to your social account, again that is not going to be your real login page, it will be their own, similar to the original login page.
It will act like a form and instantly store your Username/email or password.
If a scam tries to seize your discord account, it might also contain a QR code just like your general discord login page. You scan the QR code and instantly hand over your account details to them.
Case 3: Instead of getting your credentials through the discord login page, they can use a method called privilege escalation to gain control of your device through discord and vice-versa.
Case 4: They might also get your IPV4 logged in the very same way, sending you a link that logs your IP address but with an eye candy mask to avoid being identified.
If you want to be extra secure with your IP address use a WebRTC blocker on chrome or other browsers if you already don’t have one. Check. if your browser is leaking your IP at https://webbrowsertools.com/test-webrtc-leak/ .
If it is, you should get yourself a blocker, though using one will limit some internet usage and flow, so preferably use it only when needed.
I use WebRTC Control, to block WebRTC leaks. You might just use a VPN as well. [Recommended for overall protection]
There can be 100s different cases, but you realise that most can be omitted by making it a habit not to click a link or accept a file on discord without recognising it.
If you are curious to know the technical details on what goes behind spreading malware in Discord, you can refer to a report published in 2021 by the Cisco threat intelligence team.
What is social engineering and how oversharing can put your account or privacy under threat?
The first step in most social engineering attacks is for the attacker to perform research on the target. If the target is an enterprise, for instance, the hacker may gather intelligence on the organizational structure, internal operations within the industry and possible business partners, among other information.
From there, the social engineer can design an attack based on the information collected and exploit the weakness uncovered during the reconnaissance phase, here we get back to why I used “Related to you” in the first point. So share things only with people you know.
That's all for today, hope you enjoyed today's article. Make sure to join our official Discord server to discuss further on this topic or suggest new articles!