A new Discord phishing scam promises a free Nitro membership if users link their Steam accounts, which the hackers then exploit to steal game stuff or push other frauds.
The phishing scam is being carried out by many Discord accounts managed by threat actors or automated bots that give other users links to what is ostensibly a guide on how to get free Discord Nitro.
The phishing messages posted to users of Discord reads, “See, here free nitro one month, just link your Steam account and enjoy.” While this appears to be a promotional effort (apart from the grammar), the links go to a phishing site disguised as an actual Discord website touting the Nitro function.
When you click the “Get Nitro” button, you’ll see a phony Steam login form that looks nearly comparable to the real one. The pop-up is a new window that opens right on the phishing website, so any Steam credentials provided are transferred immediately to the hacker’s server.
When victims try to log in, they get an error message saying that the account name or password you have entered is incorrect and asks the user to log in once more.
This double-verification procedure assures that the stolen credentials are valid and that no typing errors were made throughout the phishing operation.
Discord Nitro is a premium membership plan on the prominent VoIP and instant messaging network that includes account personalization, content uploading, and server boost features. Because of Nitro’s popularity, we’ve seen malware outbreaks spread using the same lure, as well as ransomware gangs requesting Nitro gift codes in exchange for a workable decryptor.
Threat actors applied a “free game” as bait in the latest identical scam identified by Malwarebytes to present victims with a phony Steam single sign-on page.
New phishing lures are continuously being developed to entice gamers with the promise of something for nothing.
While using Discord, users should be wary of any communications claiming to give something free if they click on a URL. There aren’t any freebies outside of the platforms themselves, so if Steam and Discord collaborate on a promotional campaign, you’ll see it on both of their official apps/websites.
