It’s always a good idea to be aware of what an impersonator trying to scam you looks like. Sometimes that impersonation is easy to spot — one way is if this person newly-DMing does not share any mutual servers with you or you don’t have a DM history with them.
However, this isn’t a foolproof way to rule out impersonators: the most determined of hackers will employ tactics that include targeting the friends list of an account they have already taken over and pretending that they are your friend.
Let’s go over some of the methods that hackers may use to target you on Discord and how you can apply the methods we discussed in the Protecting Against Scams on Discord article to make sure you don’t fall prey to their schemes.
In this situation, a user pretending to be your friend, or using a friend’s compromised account, reaches out asking you to check out their video, test a game they made, or practice running code they wrote. No matter the backstory, they’ll always ask you to download a program or click a link they provide, resulting in a malicious program entering your computer and/or compromising your account.
Another variation of this scheme involves a user asking you to “test” something for them, directing you to open the developer tools on your internet browser while logged into the web app. They’ll then ask you to show them your token — do not do this. With your token, malicious users can sign in and take over your account.
Discord will never ask you for your token, and you should never have any reason to open Discord’s Developer Console in the first place. Note that this is only applicable to Discord on your internet browser, and not the desktop or mobile application.
This is similar to the previous scheme in that usually it is, again, a trusted individual that DMs you. Sometimes it's in the form of a well-known bot or under the facade that they are an administrator for a server that you're active in. It may involve very genuine-looking links to websites as well. Like we said, if it's too good to be true, it likely is.
Discord impersonation involves a hacker pretends to be messaging you from an “official Discord account” and offer entry to one of our community initiatives, such as the HypeSquad or Partner programs.
This is nearly always fake. Below are two screenshots, both of which present themselves as official Discord-sent messages. However, of these two conversations, only the right screenshot is actually from Discord.
On the right, you can note the blurple “System” tag next to the sender’s name, as well as the Reply space being replaced with a unique banner that only official system messages come with.
The DM on the left does its best to be convincing though. It even sends an invite link to a real Discord-run server called Discord Testers and a somewhat-real-looking link to the supposed Discord Hypesquad form. Scammers will use a technique of mixing real Discord invite links (to public Discord servers usually) with their malicious links in order to portray legitimacy and lull you into a false sense of security.
If you suss out that a DM is a fake, report it as Spam using the red “Report Spam” button at the top of the DM.
This feature is one of many improvements that we’re working on to help identify and remove bad actors as soon as we’re aware of them.
One of the oldest scams is the temptation of “free Nitro.” While we can’t discount people who may be truly full of generosity and believe in gifting Nitro, getting a random DM from a stranger claiming to have chosen *you* for a Nitro giveaway is incredibly sus, and most likely a scam.
Discord will never ask you to scan a QR code in order to redeem a Nitro code. Do NOT scan any QR codes from people you don’t know or those you can’t verify as legitimate.
If you ever use QR Code Login to sign in to Discord, make sure you’re using the desktop app, or if you’re on the web app, that your URL bar says “https://discord.com/login” exactly as it's written.
The above tactics are some of the ways that scammers may attempt to socially-engineer you into giving up your information. Even if you don’t click any of their links, it's best to simply block and report them to us, rather than engage further.
We encourage you to share this article with friends who may not be as informed as you — when everyone’s aware, our communities are safer than ever. Here’s a quick link back to Protecting Against Scams on Discord too.
Stay safe out there!