2FA makes Discord users more vulnerable to phishing
Background
Right now there is a massive phishing campaign targeting Discord users, which provides a phishing login and harvests account credentials and 2FA codes.
I have noticed that, failing to recognise the link as a phishing scam, a user without 2FA enabled has a second chance at realising before it's too late.
Users without 2FA enabled will have to verify the login from a new location through their email, which will also show the suspicious location of the malicious actor.
Users with 2FA enabled will not receive this notification at all, and will be logged in regardless of their location.
Possible Solution
I can see how there are probably legitimate reasons for removing this extra security feature once a user enables 2FA, but I can't see anywhere to enable it as an option anyway.
I think it's a fairly important option to have to enable verification for logins from a new location, especially as Discord doesn't provide login history like many other apps do.
-
For anyone reading this, please enable 2FA if you haven't already. It is very good protection against your account getting compromised without you clicking on links :)
0 -
Yeah, I'm too late on it
0