Web3 Anti-Scam Tips: Discord Security Guide

With the rapid growth of the NFT market, its transaction volume reached nearly 44.2 billion US dollars in 2021. Sums this large have drawn many professional scammers from the wider digital world into crypto, where they use their overwhelming advantage against inexperienced crypto newcomers. This article was written to give you some useful security guidelines.

This article is mainly divided into the following parts:

1) As a Discord newcomer, or someone who wants to participate in NFT projects, what should you pay attention to?

2) Current status of Discord’s environment

3) Official security guide from Discord

4) To reiterate

Note: This account does not promote commercial products in any sense, does not provide any investment advice, and does not accept any PR requests. This article does not constitute investment advice.

NFT Anti-Scam Guide

First, here are some security guidelines that ordinary users need to remember; we will analyze them further later.

First of all, bear in mind that scams usually work by exploiting human hope, greed (for example: "Good fortune from the sky! Congratulations, you have won the grand prize") and fear (for example: "We are officials. You lied, and we will arrest you; quickly report your ID and bank card password").

Do not trust any DM (direct message) that contains a link; it is recommended to turn DMs off entirely.

This happens frequently: unless the sender is a friend you actually know in real life, whoever is messaging you privately on Discord is likely a malicious stranger, and there is a risk of fraud.

Some possible red flags for NFT projects (requires attention)

1. The Discord has no open public chat rooms
2. Comments are turned off on Twitter
3. The design is not original
4. Non-WL (Waiting List) wallets can also mint in the presale
5. The team is completely anonymous, especially the designers
6. There are very few core members, and the MODs are all volunteers found online
7. The project has never held an AMA (Ask Me Anything)
8. Giveaways only ever raffle WL spots or the project's own free NFTs
9. There are basically no activities other than giveaways
10. Recruiting other people accounts for a large share of the WL requirements
11. The presale is very hasty
12. The number of mints allowed per wallet is high (3 counts as high)
13. The project cycle is relatively short (2 weeks is considered short)
14. Activity in the General channel is extremely low (the project is precisely targeting domestic retail investors, the "leeks")
15. Few Twitter followers, few comments and retweets
16. No collaboration with other projects (having a blue-chip holder does not count as a collaboration)
17. Do not trust any DM that contains a link; it is recommended to turn DMs off entirely

(The above is for reference only)

The consequence of a decentralized system is that no one is solely responsible for anything. Does Discord have security responsibilities for its users? Does the person in charge of each server need to keep users safe? Or do users themselves need to learn all the security common sense, such as not clicking on links sent by strangers?

Note: From a security expert's perspective, the number of scams is only one aspect; more importantly, many scams are becoming more sophisticated. It works like an immune system: NFT holders have built up some immunity to common scams, for example by not trusting unfamiliar messages and by protecting their mnemonics. However, since security features are still limited, more and more new ways to trick Web3 users keep appearing.

Background

Let’s start with a story:

In July 2021, while Heart, a 50-year-old part-time outdoor coach, was training outdoors with her children, her home burned down because of a short circuit. Her home insurance had expired, so all her property was destroyed. Afterwards, Heart received a Bored Ape NFT through a giveaway from the blockchain company Nametag.

Bored Ape NFTs carry the kind of brand cachet that LV or Chanel have in the consumer goods world, and the current price on the secondary market can be as high as millions of dollars. The ape was valued at about $35,000 when Heart received it, and has since risen to $80,000.

But just last August, Heart received a link to a VeeFriends giveaway, sent directly by a stranger on the chat platform Discord. Everything seemed plausible, and the URL appeared to point to the project's official website. However, when she went to claim the giveaway, the site asked her to enter her mnemonic, and after she entered it:

All the eth and monkeys in my account are gone.

With the rapid growth of the NFT market, its transaction volume reached nearly 44.2 billion US dollars in 2021. Sums this large have drawn many professional scammers from the wider digital world into crypto, where they use their overwhelming advantage against inexperienced crypto newcomers.

As a public chat platform, Discord is one of their hotbeds.

Data shows that in January 2022, at least 44 Discord servers were attacked, with losses exceeding $1 million. NFT projects are a highly tempting arena for scammers, and large-scale scam teams with industrialized operations have begun to enter the NFT field. However, none of this has affected Discord's growth. In September, Discord raised $500 million, more than doubling its valuation to $15 billion. The chat service has long been a popular platform for video gamers, and over the past year it has become the de facto city square of the crypto community, so much so that every major NFT project and decentralized autonomous organization now has a Discord server.

On the surface, Discord doesn't offer anything very different from traditional enterprise messaging platforms like Slack or Telegram: primarily voice and text chat tools. Founded in 2015, the company was mostly a communication platform for video game players in its early days, but in the past year it has become an active hub for the cryptocurrency community.

Discord mainly provided a place to hang out, but gamers were later joined and then displaced by crypto gold diggers. Many people believed the era of the decentralized Internet had arrived, and as NFT prices soared, Discord provided a ready-made home for DAOs and NFT projects: a free club without a gatekeeper, and a meeting space big enough to host gatherings of thousands.

Between 2019 and now, Discord's monthly active users (MAU) have grown from 56 million to more than 150 million, which brings great security challenges, while the governance rules for individual Discord servers have not kept pace. As a result, responsibility for maintaining platform security lies primarily with the individual heads of each server. Some are volunteers and some are employees of DAO and NFT projects, and the division of responsibility is rather confused.

While Discord has rolled out new management tools such as blocking a user and hired a full-time security team, moderators are often the first line of defense when scammers start scamming a channel.

“The way Discord is set up, it makes it really easy to fall for those scams between notifications flying in every five seconds and the way you can change your avatar, your username,” said Nicholas Ptacek, a former computer security specialist at SecureMac who now writes about NFTs and crypto. “It’s kind of a scammer’s paradise.”

Phishing schemes have always been common on the Internet, but the NFT industry is still in its early, wild era: valuable digital anonymity, very large assets, mysterious technology, an influx of newcomers... It is truly a playground for criminals.

The consequence of a decentralized system is that no one is solely responsible for anything. Does Discord have security responsibilities for the welfare of its users? Does the person in charge of each server need to keep users safe? Or do users themselves need to learn all the security common sense, such as not clicking on links sent by strangers?

From a security expert's point of view, the number of scams is only one aspect; more importantly, many are increasingly sophisticated. It works like an immune system: NFT holders have built up some immunity to common scams, for example by not trusting unfamiliar messages and by protecting their mnemonics. However, since security features are still limited, more and more new ways to trick Web3 users keep appearing.

However, there is basically no way for victims to recover their losses. While OpenSea will flag stolen items and prevent them from being traded on the platform, it cannot reverse transactions, meaning it cannot return stolen NFTs to their rightful owners. Jonathan, an intellectual property attorney at Chilton Yambert Porter, believes that victims can typically only write to the person who unknowingly purchased the stolen NFT and buy the art back at full price. Because regulators have no clear oversight of this world, most of the time victims can only accept their losses.

Official security advice from Discord

First of all, when we are about to click a link to join a server and claim a new airdrop, it can happen that the link looks correct and yet something still seems off.

Characteristic 1: the other party does not talk like a normal person. For example, they threaten you over something, set a deadline, and warn you that you must join a certain project or click a certain link or you will lose your chance. Another characteristic of this type of scammer is that they have never posted anything on any server they share with you, or share no server with you at all, yet they suddenly strike up a conversation.

According to the Federal Trade Commission, online scams surged in 2021. While Discord's mission has always been to make Discord the best place on the Internet for people to find a sense of belonging, and we're excited to see interest-based communities bringing people together, we've also seen some dangerous people trying to take advantage of these communities.

So here we share the extra steps we're taking and introduce some ways you can protect yourself on Discord. Please keep these safety tips in mind:

For normal users:

  • Don’t click on links from unknown senders or that look suspicious.
  • Don’t download programs or copy/paste code you don’t recognize.
  • Do not reveal your password to anyone!
  • Do not share or screen share your authorization token.
  • Do not scan any QR codes from people you do not know or whose legitimacy you cannot verify.
  • Enable 2-Factor Authentication to keep your account as secure as possible.

For the server owner:

  • Audit server permissions, especially advanced tools like webhooks.
  • Keep official server invites updated, especially if most of your new server members are from communities outside of Discord.
  • Likewise, don’t click on suspicious or unknown links. If your account is compromised, it could have a bigger impact on the community you manage.

Internet Safety Checklist

It’s important to take your cybersecurity seriously, and here are some simple and effective ways to keep yourself safe in DMs and, to a degree, outside of Discord.

No.1 Only open trusted links from people you know

A large number of security problems stem from users clicking on links before checking whether they are genuine. Always double-check any link you are about to click, because link shortening services can easily mask unsafe websites or programs. It’s recommended to check a link through a resource like VirusTotal to see if anyone has flagged it as potentially dangerous.

No.2 Pay attention to URL spelling

No.3 Don’t download programs or run code you don’t understand

No.4 Do not download or run software from unknown sources

No.5 Be cautious about programs that strangers send you

If someone claims to have “a particularly wonderful piece of software” that you need to run on your computer, they are probably misleading you so they can use a phishing program to get your personal information.
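
The checks in No.1 and No.2 (unknown links, shortened links, misspelled URLs) can be partly automated. The sketch below is an added example, not part of the original article or of Discord's tooling; the allowlist, the shortener list, the sample message and the function names are all assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: your own allowlist; discord.com and discord.gg are Discord's domains.
TRUSTED = ("discord.com", "discord.gg")
# Assumption: a few common link shorteners, which hide the real destination.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample DM; the lookalike domain is made up for illustration.
SAMPLE_DM = ("Congrats, you won! Claim within 1 hour: https://dlscord.com/nitro "
             "or https://bit.ly/3xyz. Official server: https://discord.gg/example")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return a verdict string for one URL based only on its hostname."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "suspicious: no hostname"
    if "@" in parts.netloc:
        return "suspicious: text before '@' is not the real host"
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    if host in SHORTENERS:
        return "suspicious: shortened link hides destination"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious: non-ASCII (homoglyph) hostname"
    for d in TRUSTED:
        # Compare the last labels of the host with the trusted domain.
        tail = ".".join(host.split(".")[-(d.count(".") + 1):])
        if edit_distance(tail, d) <= 2:
            return f"suspicious: looks like {d}"
        if d.split(".")[0] in host:
            return f"suspicious: uses the name of {d} on another domain"
    return "unknown: verify before opening"

def triage(message):
    """Classify every link found in a DM or channel message."""
    urls = [u.rstrip(".,!?)") for u in URL_RE.findall(message)]
    return {u: classify(u) for u in urls}

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_DM).items():
        print(f"{verdict:50} {url}")
```

A "trusted" verdict only means the hostname is on your allowlist; anything else still deserves a manual check before opening.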

Discord Security Checklist

  • Decide who can send you DMs: Disable DMs for specific servers to prevent scammers hiding in large communities from contacting you.

To adjust who can and can’t DM you, head into User Settings > Privacy & Safety, then scroll down to “Server Privacy Defaults.” From there, you’ll find the option to “Allow direct messages from server members.” Note that this new state only applies to servers added after changing the setting; it will not affect your existing servers.

If this option is turned off, members of newly joined servers cannot contact you via DM unless you are already friends with them, since there is a certain risk in receiving suspicious messages from people you don’t know.

If you’re on a server you trust and don’t mind being messaged by people on it, you can toggle privacy settings on an individual basis. Head to that server on desktop or mobile and select its name to open the server’s settings, and choose “Privacy Settings.” Once there, you’ll find the “Allow direct messages from server members” option. Turn that on, and you’re free to receive all sorts of DMs from everyone in that server, regardless of whether you’re friends or not!

Audit server permissions

  • Knowing what permissions members have on templates and servers is key to keeping each of them safe. If you are the owner of a server, have you checked the permission list recently? Who has what authority? Do you know that they have this permission, and for how long they have had it?
  • Make sure that only moderators you trust have permission to change powerful server tools, including any bots you might add to your server, and be wary of bots posing as large, well-known bots.

Keep the invitation link updated

If you update links to your server, make sure your community and new users are aware of the changes and keep any social media pages where you share those links updated. If possible, refer to old invitation links and let everyone know that these links have been updated.

(This is doubly so for Partnered, Verified or Level 3-boosted servers that use a vanity URL: if your server loses or changes its custom invite link, nefarious communities may swoop in and claim your old one. If this happens before you update your public-facing invites, people trying to join your community may instead join a server that’s looking to cause trouble.)
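
As an illustration of the permission audit described under "Audit server permissions", the following added example (not from the original article or from Discord) scans a list of roles and reports which ones hold powerful permissions such as webhook management. The bit values are the ones in Discord's documented permission bitfield; the sample roles, the severity labels and the function names are assumptions.

```python
import json

# Powerful permissions and their bit positions in Discord's permission bitfield.
RISKY = {
    "KICK_MEMBERS": 1 << 1,
    "BAN_MEMBERS": 1 << 2,
    "ADMINISTRATOR": 1 << 3,
    "MANAGE_GUILD": 1 << 5,
    "MENTION_EVERYONE": 1 << 17,
    "MANAGE_ROLES": 1 << 28,
    "MANAGE_WEBHOOKS": 1 << 29,
}

# Constructed sample shaped like a list of Discord role objects; "permissions"
# is the bitfield as a decimal string, "managed" marks bot/integration roles.
SAMPLE_ROLES = json.dumps([
    {"name": "@everyone", "permissions": str(1 << 10 | 1 << 11 | 1 << 17), "managed": False},
    {"name": "Moderator", "permissions": str(1 << 1 | 1 << 2 | 1 << 13), "managed": False},
    {"name": "Community Helper", "permissions": str(1 << 10 | 1 << 29), "managed": False},
    {"name": "GiveawayBot", "permissions": str(1 << 3), "managed": True},
])

def risky_permissions(bitfield):
    """Names of the powerful permissions set in a role's bitfield."""
    return sorted(name for name, bit in RISKY.items() if bitfield & bit)

def audit_roles(roles_json):
    """Return (severity, role name, risky permissions), most severe first."""
    findings = []
    for role in json.loads(roles_json):
        perms = risky_permissions(int(role["permissions"]))
        if not perms:
            continue
        if role["name"] == "@everyone":
            level = "critical"  # every member, including new joiners, holds these
        elif "ADMINISTRATOR" in perms or role.get("managed"):
            level = "high"      # full control, or held by a bot/integration
        else:
            level = "review"    # confirm every holder is a trusted moderator
        findings.append((level, role["name"], perms))
    order = {"critical": 0, "high": 1, "review": 2}
    return sorted(findings, key=lambda f: order[f[0]])

if __name__ == "__main__":
    for level, name, perms in audit_roles(SAMPLE_ROLES):
        print(f"{level:9} {name:17} {', '.join(perms)}")
```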

Notice! If someone takes control of your Discord account, they can change your username, password, the email associated with your account, and any other information associated with it. Once a thief gets into your Discord account, they can see all your personal information. If your account is in charge of a server targeted by hackers, they can change everything from the server layout to server permissions and bots, kick all of your users off the server, or use your account as a stepping stone for further sabotage within the community, impersonating you to deceive unsuspecting members.

Professional scammers may also target Discord accounts with unique profile badges that cannot be copied, such as early supporter badges. If you have one of these unique badges, you should be extra vigilant about your account.

It is recommended to enable 2-Factor Authentication on the account, because a scammer would then also need to provide a 2FA code to change your password (Rabbit will continue the explanation in later articles).

To reiterate

For normal users:

  • Don’t click on links from unknown senders or that look suspicious.
  • Don’t download programs or copy/paste code you don’t recognize.
  • Do not reveal your password to anyone!
  • Do not share or screen share your authorization token.
  • Do not scan any QR codes from people you do not know or whose legitimacy you cannot verify.
  • Enable 2-Factor Authentication to keep your account as secure as possible.

For the server owner:

  • Audit server permissions, especially advanced tools like webhooks.
  • Keep official server invites updated, especially if most of your new server members are from communities outside of Discord.
  • Likewise, don’t click on suspicious or unknown links. If your account is compromised, it could have a bigger impact on the community you manage.

Some possible red flags for NFT projects (requires attention)

1. The Discord has no open public chat rooms
2. Comments are turned off on Twitter
3. The design is not original
4. Non-WL (Waiting List) wallets can also mint in the presale
5. The team is completely anonymous, especially the designers
6. There are very few core members, and the MODs are all volunteers found online
7. The project has never held an AMA (Ask Me Anything)
8. Giveaways only ever raffle WL spots or the project's own free NFTs
9. There are basically no activities other than giveaways
10. Recruiting other people accounts for a large share of the WL requirements
11. The presale is very hasty
12. The number of mints allowed per wallet is high (3 counts as high)
13. The project cycle is relatively short (2 weeks is considered short)
14. Activity in the General channel is extremely low (the project is precisely targeting domestic retail investors, the "leeks")
15. Few Twitter followers, few comments and retweets
16. No collaboration with other projects (having a blue-chip holder does not count as a collaboration)
17. Do not trust any DM that contains a link; it is recommended to turn DMs off entirely

References:

1. Information

2. https://discord.com/blog/protecting-users-from-scams-on-discord

Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/web3-anti-scam-tips-discord-security-guide/