Proposal to Enhance Security Against Hyperlink Phishing Scams
I want to bring to your attention a critical security vulnerability that has recently affected members of my Discord server. This issue stems from the exploitation of Discord's hyperlink feature by malicious actors, leading to account compromises.
The issue:
Scammers are creating and distributing links that closely resemble legitimate Discord Nitro gift URLs (e.g., `www.discord.com/etc`). These deceptive links, often presented as alluring offers, redirect unsuspecting users to fraudulent websites. These sites, skillfully designed to imitate Discord's login or Nitro redemption pages, capture users' Discord authentication tokens and login credentials upon interaction.
Examples of what these Scam Links can look like:
- [fake discord url](phishing link)
- [https://discord.gift/ItoZac32DXoqiBG3](https://www.youtube.com/watch?v=dQw4w9WgXcQ)
- [www.discord.com/gifts/ItoZac32DXoqiBG3](https://www.youtube.com/watch?v=dQw4w9WgXcQ)
- [www.discord.com/free_nitro/ItoZac32DXoqiBG3](https://www.youtube.com/watch?v=dQw4w9WgXcQ)

In Discord it would look like this:
www.discord.com/gifts/ItoZac32DXoqiBG3
*In actual scenarios, these links lead to phishing sites designed to steal user information.*
A significant aspect of this scam is the use of Discord's gift link embed feature, which lends an added layer of authenticity to these malicious links.
Proposed Solution:
I strongly suggest implementing a security measure that prevents the use of legitimate URLs as hyperlinks to external links. This change would effectively neutralize this scamming technique, greatly enhancing the safety and security of Discord users.
Implementing this solution would not only protect users but also reinforce Discord's commitment to providing a secure communication platform. I hope my suggestion will be taken into consideration, and I am ready to provide any further information if needed.
Thank you for your attention to this matter.
Best regards,
Jonathan Nanhu | @medc
[Image: example of the hyperlink + embed]
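One way to implement the check proposed in the post above, as an added example that is not Discord's code or the poster's: it flags Markdown links whose visible text is itself URL-like but names a different host than the real target. The function names, the `www.` normalization and the constructed sample message (built from the link examples in the post plus two benign links) are assumptions made for illustration.

```javascript
// Added example: detect "masked" Markdown links where the visible text
// looks like a URL but the real target points at another host.

// [text](target), tolerating an optional <...> around the target and a title.
const MD_LINK = /\[([^\]\n]+)\]\(\s*<?([^)\s>]+)>?[^)]*\)/g;

// Visible text is "URL-like" if it is host[/path], with or without a scheme.
const URL_LIKE = /^(?:https?:\/\/)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$/i;

// Returns the normalized host of a URL or bare host/path, or null if unparsable.
function hostOf(value) {
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(value);
  try {
    // URL() lowercases the host and converts IDN labels to punycode.
    const host = new URL(hasScheme ? value : "https://" + value).hostname;
    return host.replace(/^www\./, ""); // assumption: www.X and X are the same site
  } catch {
    return null;
  }
}

// Returns one finding per link whose shown host and target host disagree.
function findMaskedLinks(message) {
  const findings = [];
  for (const [, text, target] of message.matchAll(MD_LINK)) {
    const shown = text.trim();
    if (!URL_LIKE.test(shown)) continue; // plain-word labels are not this scam
    const shownHost = hostOf(shown);
    const targetHost = hostOf(target);
    // An unparsable side is treated as a mismatch (fail closed).
    if (shownHost === null || targetHost === null || shownHost !== targetHost) {
      findings.push({ shown, target, shownHost, targetHost });
    }
  }
  return findings;
}

// Constructed sample message: two link examples from the post, two benign links.
const SAMPLE = [
  "[https://discord.gift/ItoZac32DXoqiBG3](https://www.youtube.com/watch?v=dQw4w9WgXcQ)",
  "[www.discord.com/gifts/ItoZac32DXoqiBG3](https://www.youtube.com/watch?v=dQw4w9WgXcQ)",
  "[discord.com/nitro](https://www.discord.com/nitro)",
  "[rules channel](https://example.com/rules)",
].join("\n");

console.log(findMaskedLinks(SAMPLE));
```

A platform or moderation bot could run a check like this before rendering or relaying a message, and either strip the link formatting or show the real target next to the text.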
Another idea would simply be to only allow approved members to post links to external sites. However, if they are cracking into Discord and changing links, then what needs to happen is this goes to security support on Discord instead of the forum where it will be mostly ignored due to lack of votes. I'd put in a support ticket.
Best wishes!