The Scariest Fake Discord Login Phishing Scam!

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

It's only possible because people are stupid and get into the stranger's van with candy.

That and a lot of people DON'T FUCKING READ.

👍︎︎ 9 👤︎︎ u/Flyingbox 📅︎︎ Aug 10 2022 🗫︎ replies

Replace Discord with Steam and you've got the epidemic that's been plaguing that platform for the past 8 years or so. Phishing via impersonation is nothing new. Ever get an <insert company name here> spam e-mail telling you to log in to recover your account? Same deal and been going on for decades, only difference is how sophisticated and accurate the iframes or JS draws are.

👍︎︎ 3 👤︎︎ u/Azure_Fang 📅︎︎ Aug 10 2022 🗫︎ replies

and discord support sucks, I got hacked one year ago, they helped me after 2 months
and if u lost ur phone with 2fa you can lost ur discord acc, ez, you can't add new phone with 2fa

👍︎︎ 1 👤︎︎ u/helish_88 📅︎︎ Aug 10 2022 🗫︎ replies

Captions

today i'm going to show you a discord phishing scam that's actually really easy to fall for first off what is a phishing scam well a phishing scam is basically a fake website that you go on to and you send your account credentials to the hacker or the scammer and then they take your account and they can do whatever they want with your account most scammers will either buy nitro or if you have rare badges sell your account for money it's all about making money now this web page in itself could be presented in many different ways you could have i don't know some sort of weird scam dm in this case i don't have an actual example of this specific url being used but regardless this advice in the video should still apply so you'll go to this website it'll look completely normal right and it tells you to authorize to add this random bot to your account so you can i don't know do something whatever the scam is trying to say now some of the previous advice i gave was make sure that this link here is a legitimate link so it goes to discordtrackers.com this is discordtrackers.com regardless everything looks very kosher so and not a lot of red flags would pop up for someone who's looking through this stuff so they'll click authorize and it'll get this discord pop-up window to log in now great advice from a lot of people is that whenever you're going to log into a web page look at the url that you're actually logging into in this case it's discord.com login now if i actually go to discord.com login this is the legitimate website and a lot of people if they're worried about phishing scams they'll make sure to look at the url bar once i said oh it was fake discord and don't log into fake discord well if we look at this little pop-up here you'll notice that it's just normal discord so that advice doesn't apply anymore this would make you assume that this is actually safe to log into however let's just mess around with this little pop-up and see what it does i can drag it around i notice it doesn't look exactly like my chrome but the best way of figuring out if you're having a fake pop-up phishing scam the best way to figure out if it's fake is to try and drag it outside of the web page you'll notice that i'm dragging it and it just will not leave this chrome web page and that's because this pop-up is not an actual pop-up it's an embed inside the website so let's get a little nerdy on this if i press the f12 key i'll pop up my little inspect element thing in chrome and i can select an element and i'm going to click on this big pop-up window because like i said before it's actually part of the website it's not a legitimate pop-up because we can't drag it outside of chrome it just stays stuck inside so what we have is this iframe now i googled because i don't want to be wrong here an iframe is basically just an html element that loads another html page so it's a page within a page it's kind of an embedded page in this case this is an embedded website so if this is an embedded website what is the source website well thankfully html is somewhat coherent to read as a normal person and you'll notice that there's this src which stands for source i could say that confidently i hope i might be wrong whatever let's just pretend i'm right okay anyways you'll see this dot login page now if we hover over it you'll notice that it says discord trackers dot com slash login so why not go to that website right new tab paste it in login so discordtrackers.com login oh deceptive site ahead thank you very much chrome for saving all the idiots like myself that click on random links but you'll notice oh wait this is a discord login page but if you use your phishing advice that you got beforehand to look at the url you'll notice that it says discordtrackers.com this is not discord.com login as you'll notice i mean discord.com login is the legitimate website but this is discordtrackers.com login you'll also notice a couple of differences between these websites usually these websites are a little outdated but i wouldn't rely on that so to wrap up what's really going on is that if we go back to our main page here and i'm just going to shrink this a little bit we have this embed here right and it's an iframe and we went to the source of the iframe which is this discord trackers.com login page and that's this web page right here so what these scammers are doing is they're actually using an iframe so an embed and or a website inside of a website to load their phishing website then what they'll do is they'll add a little bit of html code so it looks like this chrome bar up here that has the discord login url bar right here now what if i'm using safari well there is code in here to figure out if you're using safari and it'll pop up with a safari webpage same thing with firefox it changes its look slightly once again it doesn't perfectly match so that's a dead giveaway but regardless it does figure out what browser you're using because that information is very easily available if you join a website and it'll say oh you're using chrome we'll use the fake chrome popup and how do i know this well as you can see this iframe here it's just this rectangle here and anything above it is this fake window location wrapper whatever class they call it and it just is composed of different html elements as you can see a url bar if i open this up it's just you know some sort of svg and this svg has you know all the path stuff that you could convert to an image but you'll notice that it just has plain text here saying oh discord login i mean i could literally say i don't know something hilarious oh my goodness now we're logging into my actual youtube channel oh my goodness it's youtube.com no text to speech but you should subscribe maybe i don't know but anyways it's very clear to see that this is just like going into google right clicking on something inspect elementing it and just changing the text to say something uh i don't know different something like this what is cool me i am so cool you've done this when you're like i don't know 12 in computers class and messing around with your friends i mean if you haven't done that what are you doing with your life you know a little bit of an aside but this is all just some sort of part of the website that we can modify this is not an actual functioning url bar let's just wrap up with a brief conclusion so my message doesn't get diluted by my awful analogies and stories basically if you manage to land on some sort of website that you click authorize and it tells you to log in just stop for a second and use your brain first off the first thing to do is that if it's in a pop-up try to drag that pop-up off of the active browser window so you'll notice that i'm trying to drag it off of chrome it doesn't work that means that this is part of a website this is a phishing website i would not go on it now the second thing to do is that if you do manage to go to some sort of website that's just a login page like this make sure you look at the url bar and notice that it says you know this is not the legitimate discord login page it's discord trackers just a couple other things that are really easy to notice is first off if i try to log in none of my discord information will pop up and also if you were logged into discord.com login if you already logged into your discord account then you shouldn't have to log in again so if you're already logged in on chrome and you randomly have to log in again just take a step back and think now there are some websites that do this if you try modifying your google password and stuff it'll ask you to log in again but with stuff like discord you usually don't have to log in twice so just make sure that if you ever go on some random web page and you have to log in just take a step back think about it and do those very simple tests that i showed you now if you did send in your login information on one of these websites there's a couple things you need to do first off you need to change your password as soon as possible that will reset your token and your qr code and also just change your password now this is where things get difficult if you use the same password for everything like i don't know i love dogs one two three four five with a capital i then you're in big trouble because now this scammer or hacker knows your account's username and password usually your email what they're going to do is they're going to try and go on any other website and try to log into your account so this is why i highly suggest you using today's video sponsor no i'm kidding there is no sponsor use a damn password manager generate crazy complex passwords that are literally just numbers and symbols like that and use a password manager and use a very strong password for that password manager just make sure you use different passwords for different websites because doing this will make sure that if you do get your discord account hacked that doesn't mean that your bank account information is now very easily available to the scammer use a different password for every single website okay that's it that's all i got today i'm running out of juice okay i i wrote down a couple things i got to talk about and i went through the list like five times in a row so anyways i'm gonna cut it off here i love you sweetheart i'm gonna like i don't know bake some cookies or something anyways love you more

Info

Channel: No Text To Speech

Views: 955,606

Rating: undefined out of 5

Keywords: scammer gets scammed, discord scams, discord fake login scam, discord hacked account, discord, new discord scams, discord safety, discord phishing links, hacked discord account, stolen discord account, stay safe on discord, discord scams 2022, scams on discord, discord scams explained, discord scams are getting worse, fake discord website, discord phishing, discord phishing scam, steam popup login scam, discord popup login scam, discord embed scam

Id: uS9h24IKKb0

Channel Id: undefined

Length: 8min 20sec (500 seconds)

Published: Fri Aug 05 2022