4 comments

[ 3.1 ms ] story [ 16.3 ms ] thread
while I think it is important to remind people of those

but then we're going to post every variation of SE on HN?

It’s not even an interesting or novel social engineering attack.
that's exactly what I thought : this isn't specific to discord -- this is a well known gambit that will work basically anywhere where the staff are unwilling to put in the effort of many levels of verification, or where inter-departmental communications have broken down to the point where verification is skipped for the sake of convenience.

the banning falsification is just the cherry on top to add realism and believability, this gambit can be pulled off without the fake bans.

> The attacker will approach a staff member, claiming that their main account got disabled for some (they may state which) terms of service or community guidelines violation.

The whole scam would have fallen apart if Discord (or Reddit, Twitter, Facebook, ...) would be more transparent with bans: publicly marking profiles as "banned", communicating with groups/subreddits/discords that one of their admins/mods got booted off...

The scam relies on arbitrary bans without explanation and communication by platforms.