Tell HN: New Discord phishing attempt going around

1 points by enraged_camel ↗ HN
A clever phishing attempt seems to have emerged, where you get a direct message from someone on your friends list, and it contains a URL that looks like a Discord URL. The link takes you to a login page that looks identical to Discord's own login page. You can guess the rest.

Details here: https://twitter.com/splitsplatted/status/1143556723266994176

2 comments

[ 2.8 ms ] story [ 17.7 ms ] thread
The mitigation recommendations in that thread seem a bit weird, effectively telling people to completely abandon compromised accounts.

Does discord have some weird architectural aspect that doesn't allow for a regular a) change password, b) enable 2FA, c) logout all existing sessions mitigation to leaked credentials?

theres nothing fancy about it. its just a plain ol' copy login page and start phishing with similar looking domain

and the twitter guy makes it sound like its a huge deal...