Resource Center

Explore a comprehensive collection of resources designed to empower users with essential tools for security and safety. Learn about phishing scams, methods, and cases seen across Discord, and access tutorials on how to safely test, scan, and report malicious URLs.

What is Phishing?

Phishing is a type of cyberattack where attackers attempt to trick individuals into revealing sensitive information such as passwords, credit card numbers, or other personal data by pretending to be a trustworthy entity.

Dos:

  • Always verify the sender's email address or username.
  • Use two-factor authentication (2FA) whenever possible.
  • Report suspicious messages or links to the platform's support team.
  • Regularly update your passwords and use strong, unique passwords for each account.
  • Educate yourself and others about common phishing tactics.

Don'ts:

  • Don't click on links or download attachments from unknown sources.
  • Don't share personal information in response to unsolicited requests.
  • Don't use the same password across multiple accounts.
  • Don't ignore security warnings from your browser or antivirus software.
  • Don't trust messages that create a sense of urgency or fear.

Discord Automod Filters for Scam Prevention

Server staff and owners can use these custom Automod filters to help protect their communities from common scam attempts. Copy and paste these directly into your server's Automod settings.

Word Filters

Add these to your keyword filter list:

*.su*, *funpay*, *funpay.com*, *https://funpay.com/*, only fans, onlyfans, *telegra.ph*, *tinyurl.com*, *50$ gift*, *gift 50$*, *20$ gift*, *gift 20$*, *help 10 people to earn*, *free nitro*, *nitro gift*, *discord.gift*, *steamgift*, *free steam*, *steam code*, *steam key*, *free robux*, *robux code*, *free vbucks*, *fortnite code*, *free minecraft*, *minecraft code*, *crypto giveaway*, *free crypto*, *bitcoin giveaway*, *eth giveaway*, *paypal.me*, *cashapp*, *venmo*, *send me money*, *donate me*, *steamcommunity.com/tradeoffer*, *trade offer*, *csgo trade*, *tf2 trade*, *dota trade*, *skin trade*

These wordlists can be modified by removing or adding words to fit the use case of the server since in some cases it might block real user interactions.

Regex Patterns

Blocks disguised links (markdown links, angle brackets, etc.)
\[.+\]\(?\s*("([^"]+)")?\)

Blocks: [Click here](https://malicious.site), [Free Nitro](https://discord.gift/fake), <https://dangerous.link>

Blocks fake headers and excessive punctuation
\n?#{1,3}\s+,+

Blocks: ### FREE NITRO,,,, #GIVEAWAY,,,,,, CLICK HERE ## LIMITED TIME OFFER,,,,

Blocks common scam phrases with numbers
(free|gift|giveaway|win|claim|earn).{0,10}\d+\$?

Blocks: free 50$ nitro, gift 100 people, claim your 20$ reward, earn 500$ daily

Automod Setup Tips

  • Set these filters to trigger at 1-2 mentions to catch early scam attempts
  • Combine with "Block Message" and "Send Alert" actions
  • Review your Automod logs regularly to adjust filters as needed
  • Add your own server-specific scam patterns as you encounter them

Tutorials

How to Safely Test a Suspicious URL

Learn how to safely test a URL to determine if it's malicious without putting your device or data at risk.

  1. Use a URL scanning tool like VirusTotal or URLScan.io.
  2. Open the URL in a sandboxed environment or virtual machine.
  3. Check the URL's reputation using online databases like Google Safe Browsing.
  4. Report the URL to the platform where it was found (e.g., Discord).

How to Report a Malicious URL on Discord

If you encounter a malicious URL on Discord, follow these steps to report it:

  1. Right-click on the message containing the URL.
  2. Select "Report" from the context menu.
  3. Choose the appropriate category (e.g., "Spam" or "Malicious Content").
  4. Provide any additional details and submit the report.

How to Secure Your Discord Account

Follow these steps to enhance the security of your Discord account:

  1. Enable Two-Factor Authentication (2FA) in your Discord settings.
  2. Use a strong, unique password for your Discord account.
  3. Regularly review and revoke access to third-party applications.
  4. Be cautious of phishing attempts and suspicious links.
  5. Monitor your account activity for any unauthorized access.

How to Identify and Avoid Phishing Emails

Learn how to spot phishing emails and protect yourself from falling victim to scams:

  1. Check the sender's email address for inconsistencies.
  2. Look for spelling and grammar mistakes in the email.
  3. Avoid clicking on links or downloading attachments from unknown senders.
  4. Verify the legitimacy of the email by contacting the sender directly.
  5. Use email filtering tools to block suspicious emails.

Additional Resources

Useful Links

Security Tools

  • Malwarebytes - Anti-malware software to protect your devices.
  • LastPass - Password manager to securely store and manage your passwords.
  • NordVPN - VPN service to protect your online privacy.
  • Bitdefender - Comprehensive cybersecurity solutions for home and business.

Case Studies

Real-World Phishing Examples

Explore real-world examples of phishing attacks and learn how they were executed:

  • Discord Nitro Scam: Attackers sent fake Discord Nitro gift links, tricking users into entering their credentials on a phishing site.
  • Fake Game Giveaways: Scammers promoted fake game giveaways on Discord, leading users to malicious websites.
  • Impersonation Attacks: Attackers impersonated Discord staff, asking users to verify their accounts on fake login pages.

Lessons Learned

Key takeaways from these phishing attacks:

  • Always verify the authenticity of messages, especially those offering free rewards.
  • Be cautious of unsolicited messages from unknown users or servers.
  • Use security tools to scan and verify links before clicking on them.

Important Links

Key resources and guidelines below

LICENSE CODE OF CONDUCT CONTRIBUTIONS SECURITY