There is a hack/scam (bypasses 2FA) that scammers are using to compromise Discord accounts. If you are a project founder/admin, this is IMPORTANT.
Our server just got attacked.
Here's how, a 🧵
1. A scammer first chooses one of your team members (the target).
2. Scammer goes into another discord server that the target is in.
3. Scammer tricks the other discord to ban the target by impersonating the target, pretending to scam community members for the other discord.
4. After seeing the target has been banned from the other discord, scammer then impersonates a mod from that discord & reaches out to the target via DMs.
5. Scammer asks the target to prove innocence.
Since the target sees that he/she was indeed banned from the other discord, this leads the target to believe that the scammer is a real mod.
6. Scammer does some social engineering such as fake photoshopped discussions with other discord's team members about target's ban.
7. Scammer gets on a discord call with target. Eventually gets target to screen share. Tells target to open inspect element by pressing ctrl+shift+i.
Inspect element has a discord token that scammer can use to take full control of target's disc account. ^BYPASSES 2FA + passwords
TLDR: NEVER screen share.
****TURN OFF WEBHOOKS****
The mod that got compromised had admin role for server maintenance which allowed the scammer to turn on webhooks.
A scammer/hacker can bypass discord 2fa by obtaining one's discord key/token from the console.
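To act on the webhook and admin-role point above, the following added example (not part of the original thread) lists which roles, and which accounts holding them, could manage webhooks if hijacked. It assumes role and member data exported in the shape of Discord API objects; the sample names and ids are constructed.

```python
import json

# Bit values from Discord's documented permission flags.
ADMINISTRATOR = 1 << 3      # implicitly grants every other permission
MANAGE_WEBHOOKS = 1 << 29   # create, edit and delete webhooks

# Constructed sample data, shaped like Discord API role and member objects
# (permissions arrive as decimal strings). Names and ids are made up.
ROLES = json.loads("""[
  {"id": "100", "name": "@everyone",   "permissions": "104324673"},
  {"id": "101", "name": "Maintenance", "permissions": "8"},
  {"id": "102", "name": "Moderator",   "permissions": "536870918"},
  {"id": "103", "name": "Helper",      "permissions": "8192"}
]""")
MEMBERS = json.loads("""[
  {"user": {"username": "founder"},  "roles": ["101"]},
  {"user": {"username": "mod_a"},    "roles": ["102", "103"]},
  {"user": {"username": "helper_b"}, "roles": ["103"]}
]""")


def risky_roles(roles):
    """Map role id -> (name, reasons) for roles able to manage webhooks."""
    found = {}
    for role in roles:
        perms = int(role["permissions"])
        reasons = [name for name, bit in (("ADMINISTRATOR", ADMINISTRATOR),
                                          ("MANAGE_WEBHOOKS", MANAGE_WEBHOOKS))
                   if perms & bit]
        if reasons:
            found[role["id"]] = (role["name"], reasons)
    return found


def accounts_to_review(members, roles):
    """List (username, role name, reasons) for each risky role a member holds."""
    risky = risky_roles(roles)
    return [(m["user"]["username"], *risky[rid])
            for m in members for rid in m["roles"] if rid in risky]


if __name__ == "__main__":
    for user, role, reasons in accounts_to_review(MEMBERS, ROLES):
        print(f"{user}: role '{role}' grants {', '.join(reasons)}")
```

Member role arrays do not list @everyone, so check the `risky_roles()` output for that role separately; channel-level permission overwrites are not covered here.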