Bad actors in your Discord server will often try different methods to bypass server security. Their target? Scam vulnerable members of your community! Scam accounts interact with server members in channels and through direct messages. This interaction helps them appear as team members and moderators.
Scam accounts often join a Discord server and finish the verification steps. They then change their nickname to mimic an official team member, administrator, or moderator. You can spot these accounts by using audit logs from bots. These logs bring attention to strange activities, such as a change in username or a server-specific profile picture. To safeguard your community from potential scammers, here are various Discord scam methods and protective strategies:
Attacks through direct messages
Scam accounts often start sending out bulk messages to users in Discord when they join a new server. Many Discord users adjust their settings to reject direct messages from strangers. However, newer users, unfamiliar with the platform, may become targets for scammers who interact via direct message.
Discord’s recent addition, the members list, enhances your ability to understand community dynamics. It enables you to examine a user’s signals. The system actively sends signals to the members list in various situations, such as when a user sends unusual direct messages (DMs) to non-friends on the server or when a user faces a timeout. Subsequently, when you choose to view users who send unusual DMs, you often uncover profiles that have been crafted to impersonate admin or help desk accounts. Additionally, the members list offers a filtering feature for server and Discord join dates, which proves invaluable for identifying suspicious bot accounts.
Learn more on the members page here!
Fake team members & bots
You can set up profiles to match those of team members, moderators, and bots. These users often create profiles that appear legitimate. They do this to lure community members into a different server or a direct message conversation, aiming to gain access to their accounts.
You can use Dyno bot to flag certain characters in user profiles and directly match certain bot or team usernames, depending on your subscription to the bot. The base features let you set up to 10 username matches, enabling auto-banning of certain usernames. You can use a blacklist feature from a bot like Sledgehammer in conjunction with Dyno or another bot of your choice. This ensures that no bad actors make it past your verification systems.
Learn more about Dyno Bot here!
Fake Airdrops and NFT’s
Members of your community might send users direct messages. They might also post links in channels for giveaways and NFT drops. Often, scam accounts impersonate team members or moderators. They aim to redirect users from channels to phishing links. One of the ways to combat malicious links in your server, is by using Discord’s automod feature!
Automod is a built-in bot native to Discord servers. It allows you to block mention spam, suspected spam content, commonly flagged words, and custom words. Adding maliciously shared links to the custom words filter triggers an automatic response. The system places the bad actors in a timeout. It also sends their messages to a specified channel. Your moderation team can then review these messages.
Learn more on AutoMod here!
Upon joining a server, scam accounts often post in specific, more populated channels, leaving a placeholder message to change later. Discord permits the sending of hidden messages containing links. However, you have various methods at your disposal to prevent the distribution of malicious invites and links in your server.
You have the option to disable Discord links by default across your server. Alternatively, you can permit them in particular channels, tailoring the settings to your community’s needs regarding link sharing. By using a combination of previous bots, you can specifically target and blacklist certain links. Additionally, if needed, configure Dyno bot’s modules to flag links and remove them automatically. For more advanced control, employ automod along with custom words and regex settings.
Malicious accounts may join your server and instantly begin sharing invites to other Discord servers in certain channels. Their goal is to take advantage of new users. To combat server invites on Discord, we recommend the yagpdb bot.
Yagpdb bot has a module that you can activate to block all server invites from all users. You have the option to whitelist a specific role in the system. This feature proves advantageous for allowing certain users, like ambassadors or prominent community members, to share links. You can trust these individuals due to their established reputation within the community.
Learn more about yagpdb here!
A vast number of malicious actors are actively exploring Discord scam methods. However, by fostering a community that values safety and cooperation, you can create a Discord server where members can interact, share, and communicate without the constant threat of scams lurking in the shadows. Ultimately, a united and informed community is the most potent defense against the ever-present danger of scam accounts on Discord. If you’d like to learn more on how to prevent this from happening, we’re more than happy to help out.