CarderPlanet
In this article, I'll show you how Steam Discord accounts are hijacked and how to protect yourself from such attacks. The example is a personal case in which I and other users tried to hijack an account using phishing.
Phishing is a technique that uses social engineering to steal user data. We've covered phishing and social engineering in detail many times before; use the channel search.
How Steam Discord Accounts Are Hijacked
Recently in the chat there was a link to a site that offers Discord Nitro for 3 months. Those who wanted freebies rushed to go to the site, but I immediately understood from the link that this was a scam. Pay attention to the link:
The attackers suggest going to a site similar to the official Discord site, where you can get a subscription if you enter your Steam account information.
In addition to this site, various links to other fake pages began to appear in other chats. I didn't miss such a chance. I launched a virtual machine to test all sorts of suspicious things and opened another phishing site.
The fake page looks better. It has a Let's Encrypt certificate. As you can imagine, services like Discord will not use Let's Encrypt. The attacker used the certificate to make the fake page look more believable.
When you try to log in, a Steam window appears. This is not Steam, or even a real window, but a phishing iframe that steals your username and password, and possibly cookies.
Steam Discord Account Theft Protection
Everything is simple. Thoroughly check the links and sites you go to. The link text can hide the destination, but once you open the site, you will always see its real address in the address bar. In addition, always check suspicious links through services like https://scanurl.net or similar.
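
The link check described above, written as an added example that is not part of the original post: it extracts the host a link really points at and compares it with an allowlist of official Discord and Steam domains. The allowlist, the edit-distance threshold of 2 and the `.example` sample links are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Assumption: allowlist compiled for this example, not taken from the post.
OFFICIAL = {"discord.com", "discord.gg", "discordapp.com",
            "steampowered.com", "steamcommunity.com"}
BRANDS = {d.split(".")[0] for d in OFFICIAL}
KEYWORDS = ("discord", "steam")
# Constructed sample links (.example hosts are placeholders).
SAMPLES = ["https://discord.com/nitro", "https://dlscord.example/nitro",
           "https://steamcommunity.com.login.example/openid",
           "https://discord.com@gift.example/"]

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, reason) for the host a link really points at."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "invalid", "no hostname"
    if parts.username is not None:
        return "suspicious", "text before '@' hides the real host " + host
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official", host
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return "suspicious", "punycode label in " + host
    if any(k in host for k in KEYWORDS):
        return "suspicious", "brand name inside non-official host " + host
    for label in labels:
        for brand in BRANDS:
            if edit_distance(label, brand) <= 2:
                return "suspicious", f"'{label}' is a near-miss of '{brand}'"
    return "unknown", host

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", *classify(url))
```

An "unknown" verdict only means the host does not imitate the listed brands; it says nothing about whether the site is safe.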