Miro 14

In this article, I will show how Steam accounts are hijacked in Discord and tell you how to protect yourself from such attacks. The example is a personal case in which I and other users were targeted by a phishing attempt to hijack accounts.

Phishing is a technique that uses social engineering to steal user data. We have already covered phishing and social engineering methods in detail many times; use the channel search.

How Steam accounts are hijacked in Discord

The other day, a link appeared in the chat to a website offering Discord Nitro for 3 months. Those who wanted freebies rushed to the site, but I immediately realized from the link that this was a scam.

Pay attention to the link: http://discodintro.info/nitr0/steam

The attackers invite you to a site that resembles the official Discord website, where you can supposedly get a subscription if you enter your Steam account details. In addition to this site, links to other fake pages began to appear in other chats.

I didn't pass up the chance. I launched a virtual machine that I use for testing all sorts of suspicious things and opened another phishing site.

This fake page already looks better and has a Let's Encrypt certificate. As you understand, services such as Discord will not use Let's Encrypt. The attacker used the certificate to make the fake page look more plausible.

When you try to log in, a Steam window appears. But this is not Steam and not even a window: it is a phishing iframe that will steal your username and password, and possibly cookies.

Protection against theft of a Steam account in Discord

Everything is simple. Carefully check the links and sites you are going to. The link text can be hidden, but when you open the site you will always see its real address in the address bar. Always check suspicious links through services like https://scanurl.net or similar.
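The link check described above can also be automated before anyone clicks. The following is an added example, not code from the original post: a small Python checker for links that claim to lead to Discord or Steam. The allowlist of official domains, the brand keywords, the digit-for-letter table and the 0.6 similarity threshold are assumptions chosen for this illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the only domains a real Discord or Steam login should appear on.
OFFICIAL = {"discord.com", "discord.gg", "steampowered.com", "steamcommunity.com"}
OFFICIAL_LABELS = sorted({d.split(".")[0] for d in OFFICIAL})
BRANDS = ("discord", "nitro", "steam")
# Undo common digit-for-letter swaps such as "nitr0" before matching.
LEET = str.maketrans("01345", "oieas")
LOOKALIKE_RATIO = 0.6  # heuristic threshold chosen for this example


def registrable_domain(host):
    """Naive last-two-labels split; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_link(url):
    """Return findings for a link that claims to be Discord/Steam; [] means official and HTTPS."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if domain in OFFICIAL:
        return findings
    findings.append("unofficial-domain:" + domain)
    # Fuzzy-compare the first label of the domain with each official one.
    label = domain.split(".")[0].translate(LEET)
    for official in OFFICIAL_LABELS:
        if SequenceMatcher(None, label, official).ratio() >= LOOKALIKE_RATIO:
            findings.append("lookalike-of:" + official)
    # Brand words in the host or path of an unofficial site are bait.
    text = (host + parts.path.lower()).translate(LEET)
    for brand in BRANDS:
        if brand in text:
            findings.append("brand-mention:" + brand)
    return findings


if __name__ == "__main__":
    # The link quoted in the post, plus two constructed comparison links.
    for link in ("http://discodintro.info/nitr0/steam",
                 "https://discord.com/nitro",
                 "https://store.steampowered.com/login"):
        print(link, "->", check_link(link) or "ok")
```

An empty result only means the domain is on the allowlist; it says nothing about the content of a page on some other domain.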