Custom Server Invite Link should NOT be tied to Nitro Boosts for SERIOUS security reasons
If this has already been brought up, then I apologize, but a security vulnerability was recently brought to my attention that scammers are using to their advantage to fool a lot of people with their “impersonation” server.
Basically, what happens is that once the server no longer meets the quota of server boosts, they lose their Custom Server Link. Scammers take notice of this, which is what legit happened recently to a semi-large community server, and they claim it quickly with their own large “scammer” server and swap out all the content in that server to try and “pretend” to be this popular large community server.
Any new members joining will be required to “verify” themselves through this bot (which also is a fake version of an actual popular security bot) by clicking the buttons or links the bot provides to you. It will lead you to a phishing site that looks like an actual Discord login page, but obviously it is not and they'll steal your information.
This recently happened with Gildedguy and if you check right now at this “fake custom invite link” (before you check it out, just be aware they may fix this soon or delete the server because it has been getting flagged a lot recently, so might not be the case soon and you might be redirected to the actual Gildedguy server) at this invite link here: /invite/gildedguy
One way to tell immediately it is fake is that these scammers are hella dumb because they didn't set up the permissions correctly on this server, which resulted in people being able to create “Events” and “Threads” trying to warn people this is a fake server.
Going to provide screenshots just in case.
https://i.imgur.com/eoax14o.png
https://i.imgur.com/xd0t7ke.png
You will also see in the next screenshot, me talking to one of the original bot devs, and reporting this fake bot impersonation of theirs.
https://i.imgur.com/gK2QM7M.png
Solution:
Do not tie Custom Server Invites to Nitro Boost. Just auto give it to servers that are partnered or meet a certain member requirement. They never lose this custom invite link and it is permanent until that server is deleted or the admin removes it. So it will be a “first come first serve” kinda deal which might STILL make it so that some scammer groups will try to still grab some big custom invite names, BUT it'll VASTLY reduce what they are capable of doing, at least until a better system comes up.
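Server owners, and anyone who maintains a list of trusted invite links, can catch the takeover described in this post by recording the server's guild ID while the link is trusted and comparing it with whatever the vanity code resolves to later. The Python below is an added example, not part of the original post; it assumes the invite lookup reply has the shape of Discord's public invite object (a `guild` object with `id` and `name`), the function name `check_vanity` is hypothetical, and every ID and sample reply is constructed.

```python
import json

# Vanity code -> guild ID recorded while the link was known to be genuine.
# The ID is a constructed placeholder, not the real server's ID.
PINNED = {"gildedguy": "111111111111111111"}

# Constructed sample replies in the shape of an invite lookup response.
SAMPLES = {
    "ok": '{"code": "gildedguy", "guild": {"id": "111111111111111111", "name": "Gildedguy"}}',
    "hijacked": '{"code": "gildedguy", "guild": {"id": "999999999999999999", "name": "Gildedguy"}}',
    "unresolved": '{"message": "Unknown Invite", "code": 10006}',
}


def check_vanity(code, raw_response, pinned=PINNED):
    """Classify an invite lookup reply against the guild ID pinned for this code."""
    expected = pinned.get(code.lower())
    if expected is None:
        return "unpinned"  # nothing recorded for this code, so nothing to compare
    try:
        body = json.loads(raw_response)
    except json.JSONDecodeError:
        return "error"
    guild = body.get("guild") if isinstance(body, dict) else None
    if not isinstance(guild, dict) or "id" not in guild:
        # The code points at no server right now. After a lost boost level this
        # is the window in which someone else can claim the name.
        return "unresolved"
    # Compare IDs only: the name, icon and channels can all be copied.
    return "ok" if str(guild["id"]) == expected else "hijacked"


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", check_vanity("gildedguy", raw))
```

The "hijacked" sample keeps the same server name on purpose: only the guild ID distinguishes the impersonating server from the real one.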