Discord Scam Bots

Discord scam bots have been on the rise, and it is important that you know how to detect them to stop yourself from becoming a victim. Scam bots will offer you a range of things, such as Nitro if you visit a website or boosts if you add a bot to your server, but be warned: these bots don’t deliver any of that. It is important, especially as a server owner or mod, to be aware of these bots and how they operate.

What do these bots do?

Firstly, these bots are self-bots. They are legitimate accounts that were compromised when their owners fell victim to the same scam and gave up their authentication token. The token bypasses the login system, even if you have two-factor authentication, because it is generated after you enter your verification code.

These bots prey on unsuspecting victims, luring them into a trap with an offer that is too good to be true. There are a few types of bots.

  1. The first type of bot is the general Mass DM Nitro Giveaway bot. It claims you have won level 3 boosts, a year of Nitro or similar if you add the bot to your server and wait 24 hours. The bot then sends a DM with the same message to every single person in your server. It aims to join as many servers as possible and is usually sold to the highest bidder, who wants a bot that is already in a lot of servers and only needs rebranding. While these bots won’t compromise your account, they rely on unsuspecting victims falling for their attack, so it is important to realize that no bot will ever send you a direct message offering boosts in exchange for an invite. BTW, bots can’t even have Nitro or boost servers themselves. It is also important to know that a lot of these bots will have a verified checkmark in their name. This doesn’t mean that they’re safe, though; it just means they managed to get past Discord’s verification system.
  2. The second type is the mass server spammer self bot. A self bot is a bot that runs on a normal user account, so it doesn’t have the bot tag on its account. These bots don’t have to be added by an admin, as they can join via an invite link. Automating a user account is against the Discord Terms of Service and will result in a ban if caught. What these bots will typically do is spam every channel with a link that looks very similar to a Discord Gift invite, claiming that if you click it you will receive Nitro or a similar gift. Clicking on this link will take you to a website that looks very similar to Discord’s and asks you to log in or download something. Both will steal your credentials and compromise your account, which will then spam the link in all your servers and direct messages as well.
  3. The final type is the type that finds accounts to compromise. Someone on your friends list who has been compromised will send you a direct message with a link to a seemingly harmless file while asking you to test out a new game or program they made. DO NOT CLICK IT. It is a virus that will corrupt your Discord client and leak your token once you have run the program, causing your account to do the same thing your friend’s did.

How do I detect these bots?

There are many ways to tell which user is a bot or has been compromised. Generally, the best rule of thumb is that if something seems too good to be true, it probably is.

  • Discord bots and Discord the company will never send you a Direct Message giving you Nitro for free if you complete a task such as visiting a site, downloading a file or adding a bot to a server. Messages from Discord itself arrive as a System Message, not from a bot.
  • Scam bots will generally spam the same link in every channel they have access to, or send a direct message with the link to everyone they can.
  • Scam bots will generally not reply if you ping or DM them about something. They can’t have a conversation because they’re bots, but there may be someone behind them who can.
  • The URLs the bots post will be a tiny bit off from an official URL. For Discord, the i may become an l, which is easy to miss if you don’t look at it closely enough. Discord’s official domains can be viewed here: https://www.reddit.com/r/discordapp/comments/fwf37z/psa_list_of_all_official_discord_websiteslinks/
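
As an added example (not code from this article or from any bot it mentions), the link checks in the list above can be automated: the Python below flags hosts that imitate an official Discord domain and users who post the same unofficial host across several channels. The allowlist is an assumed subset of the official domains, and the function names, the threshold and the sample messages are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Assumption: a short subset of Discord's official domains, not the full list.
OFFICIAL = {"discord.com", "discord.gg", "discord.gift", "discordapp.com", "dis.gd"}
BRANDS = ("discord", "discordapp")  # labels an imitation domain tries to resemble

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """'official', 'lookalike' (brand or a one-character miss elsewhere) or 'unknown'."""
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    for piece in re.split(r"[.-]", host):
        if any(edit_distance(piece, brand) <= 1 for brand in BRANDS):
            return "lookalike"
    return "unknown"

def scan(messages, min_channels=3):
    """Map each flagged user to the reasons; messages are (user, channel, text)."""
    seen, flags = defaultdict(set), defaultdict(set)  # seen: (user, host) -> channels
    for user, channel, text in messages:
        for url in re.findall(r"https?://[^\s<>]+", text):
            try:
                host = urlparse(url).hostname or ""
            except ValueError:  # malformed URL such as an unclosed IPv6 bracket
                continue
            if (verdict := classify_host(host)) == "official":
                continue
            if verdict == "lookalike":
                flags[user].add("lookalike:" + host)
            seen[user, host].add(channel)
            if len(seen[user, host]) >= min_channels:
                flags[user].add("cross-channel-spam:" + host)
    return dict(flags)

SPAM = "You won Nitro! https://dlscord.example/gift/abc"  # constructed, reserved TLD
SAMPLE = [("mallory", ch, SPAM) for ch in ("#general", "#memes", "#help")] + [
    ("alice", "#general", "Invite: https://discord.gg/example"),
    ("bob", "#links", "My blog: https://blog.example/post"),
]
```

Calling `scan(SAMPLE)` flags only the constructed user mallory, once for the lookalike host and once for posting it in three channels.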

What should I do if I come across one of these bots?

If you come across a scam bot, it is important to make sure you identify it correctly. Once that is done, you should report it to a moderator or admin of the server that it is happening in. If you are being DMed by it, check your mutual servers and report it there.

You can also report it to Discord who can assist with making sure more users don’t fall victim: https://dis.gd/request

If you are an admin or moderator, it is important to either kick or ban the user as fast as possible to stop it in its tracks. The longer you leave it, the more people it will reach out to and the higher the likelihood that a member will be compromised.

What if I click the link or get compromised?

If you click a link or get compromised it is very important that you act quickly. Here are some steps you should take to protect yourself appropriately.

  1. Change your Discord Password. This will ensure that your token gets refreshed. If you downloaded a file, run a malware scan and reinstall Discord before logging in again.
  2. Keep an eye on your email for notifications from Discord such as a password or email change.
  3. If you receive one of the emails from step 2, it is important that you immediately contact Discord at https://dis.gd/contact to get them to reset the account credentials and to stop others from being able to log in.
  4. Use other platforms to let others know you have been compromised, so they know to remove your permissions from a server or to warn others to be wary of what your account sends them.

How can I help prevent these scams?

It is always better to be proactive rather than reactive, and as a server admin or owner there are certain steps you can take to protect your server against these bots.

  1. Use auto-moderation tools. There is a whole range of auto-moderation tools that can already stop bots like these. Wick is a prime example of a bot that can ban users who post suspicious or blacklisted links. Check out Wick here: https://wickbot.com/. Another bot is Fishy, created by a group of DMD members, which has a much larger blacklist than Wick and is a lot more proactive, searching for the domains before they are put into circulation. Invite the bot here: https://discord.com/oauth2/authorize?client_id=892420397570592768&scope=bot%20applications.commands&permissions=268446726
  2. Educate your members and staff to recognize these scams. User education is one of the most important things you can do to protect your members from bot attacks like these. Sending your members articles like this one and other resources can help them detect these scams and protect themselves.

On a final note…

Thanks for taking the time to read this Advertise Your Server Article. We hope this helps you detect scam bots and helps keep yourself and your members safe.

Good luck and keep safe!