Discord has become a popular app among roleplayers as well as computer gamers. It allows users of virtual tabletops like Astral, Roll20 and Fantasy Grounds to talk to one another, bringing the traditional experience online.
In the last 48 hours, uncharacteristically successful phishing messages have been tricking gamers into a Discord virus.
Nintendo gamer and Twitch affiliate SplatterShah’s warning tweet about the outbreak explains the situation and now has over 25,000 retweets.
The phishing messages use the domain discord gg .ga not the discord .gg that Discord actually uses, but it appears to be a close enough match to fool some people.
The login page users are presented with looks precisely like Discord but isn’t. If someone enters the Discord details into the phishing page, then their account can be taken over. This is an excellent reason to enable two-factor authentication. Users without it who fall for the fake login page will likely lose control of their account.
Compromised Discord accounts send messages to people who share servers with more phishing messages. This is where tabletop roleplaying game communities can be especially vulnerable.
Geek Native has seen screenshots of Discord phishing DMs from members of a looking for group D&D community. That’s precisely the sort of community from which DMs from people you only kinda know are commonplace. It’s easy to see why the malicious messages would get traction.
What should I do if I have this Discord virus
SplatterShah recommends creating a new account. They suggest using a Discord name that feels familiar and reaching out to staff at your old servers and explaining what has happened. Of course, enable two-factor authentication this time.
Hey, this is the first time I’ve heard of D&D on Discord, and I’m interested now
If you’re looking for online RPGs then having some experience with Discord might help you land a place in a regular gaming group. That said, the most likely people to introduce you to Discord in the first place are gamers who use virtual tabletops.
Last year Geek Native put together a quick list of Discord servers that might interest tabletop fans. It’s still a pretty good starting place.
Note: Discord servers themselves are not responsible for the phishing outbreak. Geek Native has asked, and as agreed, not to name the tabletop RPG server from which screengrabs of the phishing were taken. They are not the only server on which users fell for the scam.
Are you a Discord tabletop gamer? Let us know which servers you would recommend and any best practice tips you have.
Creative Commons credit: by Daniil.
