Proposal to Enhance Security Against Hyperlink Phishing Scams
I want to bring to your attention a critical security vulnerability that has recently affected members of my Discord server. This issue stems from the exploitation of Discord's hyperlink feature by malicious actors, leading to account compromises.
The issue:
Scammers are creating and distributing links that closely resemble legitimate Discord Nitro gift URLs (e.g., `www.discord.com/etc`). These deceptive links, often presented as alluring offers, redirect unsuspecting users to fraudulent websites. These sites, skillfully designed to imitate Discord's login or Nitro redemption pages, capture users' Discord authentication tokens and login credentials upon interaction.
Examples of what these Scam Links can look like:
- [fake discord url](phishing link)
- [https://discord.gift/ItoZac32DXoqiBG3](https://www.youtube.com/watch?v=dQw4w9WgXcQ)
- [www.discord.com/gifts/ItoZac32DXoqiBG3](https://www.youtube.com/watch?v=dQw4w9WgXcQ)
- [www.discord.com/free_nitro/ItoZac32DXoqiBG3](https://www.youtube.com/watch?v=dQw4w9WgXcQ)

In Discord it would look like this:
www.discord.com/gifts/ItoZac32DXoqiBG3
*In actual scenarios, these links lead to phishing sites designed to steal user information.*
A significant aspect of this scam is the use of Discord's gift link embed feature, which lends an added layer of authenticity to these malicious links.
Proposed Solution:
I strongly suggest implementing a security measure that prevents the use of legitimate URLs as hyperlinks to external links. This change would effectively neutralize this scamming technique, greatly enhancing the safety and security of Discord users.
Implementing this solution would not only protect users but also reinforce Discord's commitment to providing a secure communication platform. I hope my suggestion will be taken into consideration, and I am ready to provide any further information if needed.
Thank you for your attention to this matter.
Best regards,
Jonathan Nanhu | @medc
Example of the hyperlink + embed:
ultrasnoop30, I really appreciate your input on this matter. While your suggestion to partially display URLs does offer some level of protection, I believe a more robust approach would be to entirely prevent URLs from being converted into hyperlinks within Discord messages.
The main issue with allowing any form of URL hyperlinking, even in a partial manner, is that it still leaves room for deception. Scammers can craft messages that appear legitimate at a glance, which continues to pose a risk for less cautious users. By completely blocking the transformation of URLs into clickable hyperlinks, we eliminate this potential for misleading representations.
In essence, if a message contains a URL, it should remain as plain text without any hyperlinking functionality. This approach aligns with the principle that there's no practical need to redirect from one URL to another within Discord. To implement this, a straightforward method would be the use of regular expressions (regex) to identify and neutralize URL patterns, ensuring they don't become clickable links.
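The check proposed in the original post (refuse a hyperlink whose visible text is a legitimate-looking URL but whose target points elsewhere) and the regex approach suggested in the reply can be combined into one small filter. The following JavaScript is an added example written for this page; it is not Discord's code and not code from either poster. The markdown-link pattern, the `TRUSTED_HOSTS` list, the function names and the sample message are all assumptions constructed for the demonstration; a real deployment (a moderation bot or a client-side renderer) would plug in its own host list and rendering.

```javascript
// Added example, not Discord's code: detect markdown links whose visible text
// looks like a URL but whose real target resolves to a different host, then
// neutralize them by rendering the true destination as plain text.

// Assumed: Discord-style markdown link syntax [label](target), target has no spaces.
const MARKDOWN_LINK = /\[([^\]]+)\]\(([^)\s]+)\)/g;

// Assumed: hosts the post describes scammers imitating. Suffix matches count
// (www.discord.com is covered by discord.com).
const TRUSTED_HOSTS = new Set(["discord.com", "discord.gift", "discordapp.com"]);

// Return the lowercase hostname of a URL-like string, or null if it does not
// parse. Bare "www.discord.com/gifts/..." is accepted by prepending a scheme.
function hostOf(text) {
  const candidate = /^[a-z][a-z0-9+.-]*:\/\//i.test(text) ? text : `https://${text}`;
  try {
    return new URL(candidate).hostname.toLowerCase();
  } catch {
    return null; // e.g. "click here" or "phishing link": spaces are not a valid host
  }
}

// A label "looks like a URL" when it parses and its host has at least one dot.
function looksLikeUrl(text) {
  const host = hostOf(text);
  return host !== null && /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(host);
}

function isSuffixHost(host, base) {
  return host === base || host.endsWith(`.${base}`);
}

function isTrustedHost(host) {
  for (const base of TRUSTED_HOSTS) {
    if (isSuffixHost(host, base)) return true;
  }
  return false;
}

// Verdicts: "invalid-target" (target does not parse), "named-link" (ordinary
// text label), "consistent" (label and target share a host), "impersonation"
// (label borrows a trusted host), "mismatch" (label is some other URL).
function classifyLink(label, target) {
  const targetHost = hostOf(target);
  if (targetHost === null) return "invalid-target";
  if (!looksLikeUrl(label)) return "named-link";
  const labelHost = hostOf(label);
  if (labelHost === targetHost) return "consistent";
  return isTrustedHost(labelHost) ? "impersonation" : "mismatch";
}

// Detection: list every deceptive link in a message.
function scanMessage(content) {
  const findings = [];
  for (const m of content.matchAll(MARKDOWN_LINK)) {
    const [raw, label, target] = m;
    const verdict = classifyLink(label, target);
    if (verdict === "impersonation" || verdict === "mismatch") {
      findings.push({ raw, label, target, verdict });
    }
  }
  return findings;
}

// Mitigation (the reply's suggestion): strip the hyperlink so the reader sees
// the real destination as plain text; honest links are left untouched.
function neutralize(content) {
  return content.replace(MARKDOWN_LINK, (raw, label, target) => {
    const verdict = classifyLink(label, target);
    if (verdict === "impersonation" || verdict === "mismatch") {
      return `"${label}" links to ${target}`;
    }
    return raw;
  });
}

// Constructed sample message using the link shapes shown in the post.
const SAMPLE_MESSAGE = [
  "Free Nitro! [https://discord.gift/ItoZac32DXoqiBG3](https://www.youtube.com/watch?v=dQw4w9WgXcQ)",
  "Or here: [www.discord.com/gifts/ItoZac32DXoqiBG3](https://www.youtube.com/watch?v=dQw4w9WgXcQ)",
  "Docs: [click here](https://support.discord.com)",
].join("\n");

if (typeof require !== "undefined" && require.main === module) {
  console.log(scanMessage(SAMPLE_MESSAGE)); // two "impersonation" findings
  console.log(neutralize(SAMPLE_MESSAGE));
}
```

The comparison is on hostnames rather than on the raw label string, so `www.discord.com/gifts/...` and `https://discord.gift/...` are both recognised as borrowing a Discord host, while a label that merely says "click here" is left as a normal named link. Running the filter before a message is rendered (or from a moderation bot that edits or deletes offending messages) removes the deceptive presentation the post describes without touching links whose text and target agree.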