Discord Scams — How to avoid them and what to do about them
A guide to help the Discord community squish those scammers.
Discord is a popular community chatting and instant messaging software for people from all over the world. It is commonly used by gamers, development studios, streamers, fan clubs, and cryptocurrency enthusiasts, amongst others.
However, these aren’t the only people interested in Discord. Unfortunately, wherever there is a large gathering of people with a common interest, it also attracts the attention of people of the more shady variety. Cybercriminals. Much in the same way that a popular watering hole in the wild would attract the attention of predators.
It should be pointed out at this point that cybercriminals can be found in many online communities — not just Discord — and that Discord is trying to find ways to combat them. Until then, this guide should help you in some way to fight back against scammers.
What do scams on Discord look like?
Discord scammers come in many varieties.
It usually depends on the intention of the scammer and the purpose of the Discord server that the scammer is targeting.
Here are some examples of the most common scams you may experience on Discord:
- Cryptocurrency scams: These scammers will send you a DM that (usually) claims that you have won a giveaway of some sort, where the prize is cryptocurrency funds, usually but not always Bitcoin. These scams are predominantly sent out by bots who will raid a server with poor security and immediately DM its users.
- Twitch, Steam and Nitro Giveaway scams: These scams may take place in either DMs or in public channels on servers. They are generally someone claiming to give away free games, free game content, free game accounts and free Nitro gifts. These are easy to detect as they will often have spelling errors in their links, for example “Strean” instead of “Steam”, “Tvvitch” instead of “Twitch”, or “Nitr0” instead of “Nitro”. Calm down — nobody is going to give you a free rare Fortnite skin or an expensive premium CS:GO in-game item for nothing, it’s a scam.
- Giveaway scams: Similar to the two previous points above, some scammers may privately or publicly share a link to a “giveaway” or to a server that is claiming to be hosting one. These “giveaways” will probably try to get you to share account details. Or they may ask for funds along the lines of “send us £500 and we’ll double it to £1,000!” — I shouldn’t really need to tell you that this sort of thing is fake, right? Check the community’s official announcement channels and social media for any genuine giveaway announcements, don’t just jump on the bandwagon because some random person told you about it.
- Support scams: These scammers will prey on a server’s official support channels. When a user asks for support in that channel, the scammer will pounce on them with a DM, claiming to be an official support representative of that community. The purpose of this is to try and gain funds or account details from you. A good community server enforces policies such as “official staff will never DM users first” to try and help you identify these scammers.
- Shilling scams: These scammers mostly target servers relating to cryptocurrency and stock trading. They will usually DM you claiming that they have “insider knowledge” or something similar about a cryptocurrency or other trade that will soon spike in value, so you should invest in some right now in order to profit later. But, of course, it will never go into profit and the scammer has probably just made hundreds (or, Odin forbid, thousands) from you buying worthless crypto or stock that you are never going to make a financial return on.
- Trading tutor scams: These scammers will probably publicly post in a cryptocurrency or trading server itself rather than DM users, to try and pass themselves off as a legitimate and helpful member of the community — when in fact, as we smart types know, that is not the case. These scammers will offer to advise or tutor you in cryptocurrency or stock trading for free, often making claims like, “did you know you can make £1,000 profit in an hour? DM me to learn how”. They’re actually targeting those who are not very skilled in trading and are after their cryptocurrency wallet or stock trading account details so that they can drain them — don’t do it.
There are other types of scams out there, but these are the most common. Bear in mind that scammers are constantly evolving their tactics as Discord and server owners take steps to try to eliminate them.
What to do about scammers
Ultimately, it is down to Discord itself to enforce new security measures to fight against scammers on their platform. And over the years they have been implementing new features to try and help with this, such as member screening for community servers.
However, I personally find that these measures, so far, are too little too late for many people in larger communities. Here are some tips on avoiding scammers in the meantime.
- Stranger danger: Remember your parents and teachers constantly drilling into your head as a kid catchphrases like “stranger danger” and to ignore strangers, especially if they are trying to offer you something? Well, this applies to your adult life too. Be wary of any strangers who contact you online. Sure, they may look professional, sophisticated and probably helpful — but so did Jack the Ripper. Random messages from people you do not know should be treated with extreme caution — or better, ignored. If, for whatever silly reason, you decide to respond to these strangers, never share any personal details with them, nothing at all. Even a name and city is enough for them to Google your social media accounts, where they will find more information on how to get what they want from you.
- Do not click links: Let’s face it, humans like pressing buttons. Whether it’s a button on a kid’s toy that makes a “moo” or “baa” noise, a mysterious symbol on the TV’s remote control, a big red button in a nuclear missile silo, or even a link online. Random, unknown links being posted in public or private could be an attempt to direct you to a shady website (which may sometimes look legitimate). These links will often contain typos — so check them rather than clicking them instinctively. There are also free security services where you can copy/paste links into before clicking them to see if they are safe, such as VirusTotal. Some professional anti-virus products may also include browser extensions which scan links you click and block them if they are suspected of being shady.
- Use two-factor authentication (2FA) everywhere: Yes, I know, it’s annoying having to open a secondary app or receive a text on your mobile device in order to get a code that you will need to enter on the login page to be able to access your accounts. However, this minor annoyance could save you a massive migraine of a nightmare later on. Even if your account details are acquired by a scammer, they still will not be able to access your accounts unless they physically have your mobile device in order to receive the 2FA code, which is extremely unlikely unless they were sitting right behind you and snatched it from you. Oh, and always keep your mobile number up to date wherever you use 2FA.
- Improve your message scanning settings: Head on into the Privacy & Safety section of your personal Discord account settings. There you will see a section entitled “Safe Direct Messaging”. For the highest level of security, you should set this option to “keep me safe”, which scans all DMs you receive for possible shadiness. Choosing the “my friends are nice” option is only useful if you’re not the type of person who accepts random friend requests. Which takes us to the next point.
- Disable friend requests: Scammers may try to add you as a friend first, in case your Safe Direct Messaging option is still set to the default “my friends are nice” setting, which means DMs from “friends” won’t be scanned for shadiness. In the Privacy & Safety settings of your Discord account, you can also disable the ability for anyone to add you as a friend.
- Disable DMs from non-friends: One of the best measures against scammers is to actually disable the ability to receive DMs from anyone that is not in your friend list. You can also do this in your Privacy & Safety account settings and in your personal server settings (click the down arrow in the top-left of the server, then select the Privacy option).
- Report. Always report: You should always check the mutual servers that you share with anyone who sends you a suspicious DM. Then you should head on into that server and report the DM to the staff there, including providing a screenshot as proof. You should also consider reporting the suspicious DM to Discord itself — not only so they can deal with the scammer on their end too, but also so that they can learn how scammers are evolving their tactics in order to combat them.
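The misspelled links mentioned above (“Strean”, “Tvvitch”, “Nitr0”) can also be checked automatically before anyone clicks them. The following is an added example, not part of the original guide: a small Python check a server moderator could run over a message. The allowlist of official domains, the brand list, the character-swap table and the `.example` hostnames are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of official domains; extend it for your own community.
OFFICIAL = {"discord.com", "discord.gg", "steampowered.com",
            "steamcommunity.com", "twitch.tv"}
BRANDS = ("steam", "twitch", "nitro", "discord")  # names the guide says get imitated
# Character swaps undone before comparing, e.g. "Tvvitch" and "Nitr0".
SWAPS = (("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"))
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample message; the .example hosts are placeholders, not real sites.
SAMPLE = ("FREE skins https://strean-community.example/gift "
          "Nitro http://nitr0-gift.example/claim drops https://tvvitch.example/x "
          "official https://discord.com/nitro https://store.steampowered.com/")

def edit_distance(a, b):
    """Levenshtein distance, computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def lookalike_of(host):
    """Return the brand a non-official hostname imitates, or None."""
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return None
    for token in re.split(r"[.-]", host):
        for bad, good in SWAPS:
            token = token.replace(bad, good)
        for brand in BRANDS:
            # Distance <= 2 catches "strean" for "steam"; the length check
            # keeps unrelated short or long words from matching.
            if abs(len(token) - len(brand)) <= 1 and edit_distance(token, brand) <= 2:
                return brand
    return None

def suspicious_links(message):
    """List (hostname, imitated brand) for every flagged link in a message."""
    hits = []
    for url in URL_RE.findall(message):
        host = (urlsplit(url).hostname or "").lower()
        brand = lookalike_of(host)
        if brand:
            hits.append((host, brand))
    return hits
```

Treat hits as something for a moderator to review rather than proof of a scam: ordinary words such as “stream” are one edit away from “steam” and will be flagged too.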
I fell for a scam. Help!
- If the scammer now has access to any accounts that you have, immediately go and change the passwords for those accounts right this second. If your account has been compromised, or you are unable to access it anymore, contact the website’s support team.
- If the scammer now has access to your banking or credit card account, you will need to immediately contact your bank or credit card provider to get your accounts frozen and cards cancelled. Some banks may also allow you to freeze your account yourself via a secure banking app — but this is probably useless if the scammer has managed to lock you out of the account by changing passwords and security questions. This also applies to online money services such as PayPal and Monzo.
- If the scammer now has access to your cryptocurrency wallet, you should immediately change any passwords. As an extra safety measure, you should also transfer all of your funds and NFTs from that wallet into a new one and forget that the compromised one ever existed. This can be an expensive lesson on chains/networks where fees are particularly high.
- If the scammer now has access to official or corporate accounts — you should change the passwords right away. You will also need to inform your superior of this breach, so they can take security measures against it.
- If the scammer has taken large amounts of funds from you, then you will need to contact your national law enforcement. This has now become a serious criminal fraud investigation.
It is very unfortunate that there are always going to be individuals of the shady variety preying on vulnerable people in popular Discord communities. However, until Discord figure out some effective tactics to push these waves of scammers back off of their platform, I hope that this guide helps some people.
Stay safe out there!