
Tell HN: New Discord phishing attempt going around - enraged_camel
A clever phishing attempt seems to have emerged, where you get a direct message from someone on your friends list, and it contains a URL that looks like a Discord URL. The link takes you to a login page that looks identical to Discord&#x27;s own login page. You can guess the rest.<p>Details here: https:&#x2F;&#x2F;twitter.com&#x2F;splitsplatted&#x2F;status&#x2F;1143556723266994176
======
tastroder
The mitigation recommendations in that thread seem a bit weird, effectively
telling people to completely abandon compromised accounts.

Does discord have some weird architectural aspect that doesn't allow for a
regular a) change password, b) enable 2FA, c) logout all existing sessions
mitigation to leaked credentials?

------
thepapanoob
theres nothing fancy about it. its just a plain ol' copy login page and start
phishing with similar looking domain

and the twitter guy makes it sound like its a huge deal...

