#this is mostly in lieu of a wave of hacks on discord- but it's good to keep all of these things in mind and stay safe
Explore tagged Tumblr posts
moonlitcomet · 9 months ago
Text
When avoiding scams and being hacked on discord specifically:
Don't click suspicious links. If you are not expecting it, do not open it.
Use 2FA when possible. It is the strongest way to protect yourself, but you still need to be vigilant and make sure you don't give away your accounts in other ways [ie token grabbers, QR codes, or other instant-login services].
Don't share passwords across accounts, especially with sensitive ones such as banking or legal documentation. The fewer shared passwords you have, the less likely a large data breach is going to affect a large number of your accounts and information.
Those "exposed" servers are phishing scams via verification bots. Someone sending you a DM saying that you may have sent someone pornography or nudes, and to join a server to see what it's about, is trying to lead you on to scan a login QR code, which bypasses 2FA and password usage.
If someone "accidentally reported you" it's a scam, they are playing off of a sense of fear and will ask you for your passwords by sending you to fake support accounts. You do not give passwords to official support, they do not need your password in order to access your account on their platform.
Continuing the above, websites will never make you prove your innocence in such a situation.
Anything to do with "crypto market" is a scam.
Do not download any files from people asking you to playtest a game, those "games" are token grabbers. Token grabbers are capable of bypassing 2FA, and can allow attackers to enter your account without a password.
Remove permissions from all bots that can "join servers for you". These bots can rejoin servers that you leave, or send you to different servers without your consent to artificially inflate user numbers.
Be vigilant when using the internet and especially social media or discord. Hackers and scammers rely almost 100% on you blundering into their schemes via panic, anger, or lack of knowledge. These same types of scams have been circulating the internet for over a decade in some cases, and victims fall for it when they aren't aware of the scam in the first place.
More general internet advice per @oldmanyaoi-jpeg:
If a message or group is trying to quickly induce a strong emotion, such as fear or anger, be aware that they may be trying to trick you into making an emotional decision (ex. "exposed" groups and accidental reporting scams)
additionally, any message with a deadline should be regarded with heavy suspicion, as they are likely trying to trick you into making a decision driven by panic (paypal and amazon payment scams)
Never click on a link that you find even remotely suspect, or call a number provided in a suspect message. Always get contact information directly from that entity (ex. go to paypal or amazon directly to check for suspicious activity or contact CS instead of clicking a provided "dispute" link)
If you aren't expecting a link, email, text, attachment, etc. it should always be judged suspiciously. (ex. "we have your package" scams, playtester scams, "you have a virus" scams)
If you are being asked to reveal any personal information, stop and examine everything critically, as you are likely getting scammed. Specifically and especially passwords- I work in IT. If people who have business with your account want in your account, we're getting into your account, and we don't need your password for it.
Be critical of the permissions asked for by an app you're linking to an account. "Joining servers" is one to be suspicious of, but there's plenty more (making posts for you, having access to documents in gdrive, seeing any personal information, etc) that you should always think about before giving to an app.
Delete accounts and remove access for apps that you aren't using. Reducing your digital footprint will reduce your vulnerability- no need to worry about an email regarding an old Venmo account if you've deleted it, for example. Compromised apps can't affect your account if you take away their permissions either.
2FA is the easiest way to protect yourself from any scam or malicious action, as even if you willingly give up your password, nobody can get in without your verification. So my final advice of the day:
Set up 2FA, and never give any verification code you receive to anyone who may be asking for it, no matter how much you trust them. The only time you should confirm a login with 2FA is when YOU are logging in.
6 notes · View notes