Miro

How Steam accounts are hijacked in Discord


In this article, I will show how Steam accounts are hijacked in Discord and tell you how to protect yourself from such attacks. An example will be a personal case when I and other users tried to hijack an account using phishing.

Phishing is a social engineering technique for stealing user data. We have already covered phishing and social engineering methods in detail many times; use the channel search to find those posts.

How Steam accounts are hijacked in Discord
The other day, a link appeared in the chat to a website offering Discord Nitro for 3 months. Those who wanted a freebie rushed to the site, but I immediately realized from the link that this was a scam. Pay attention to the link:

http://discodintro.info/nitr0/steam


The attackers offer to go to a site similar to the official Discord website, where you can get a subscription if you enter your Steam account details.

In addition to this site, various links to other fake pages began to appear in other chats. I didn't miss such a chance. I launched a virtual machine to test all sorts of suspicious things and opened another phishing site.

This fake page already looks better: it has a Let's Encrypt certificate. As you understand, services such as Discord will not use Let's Encrypt. The attacker used the certificate to make the fake page look more plausible.


When you try to log in, a Steam window appears. But this is not Steam and not even a window, but a phishing iframe that will steal your username and password, and possibly cookies.

Protection against theft of a Steam account in Discord
It's simple: carefully check the links and the sites you visit. The text of a link can hide its destination, but once you open the site, the address bar always shows its real address.

To do this, always check suspicious links through services like https://scanurl.net or similar.
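
The same address check can be automated before a link is ever opened. The sketch below is an added example, not part of the original post: it compares a link's host against an allowlist and flags brand names that appear, exactly or misspelled, on any other host. The allowlist, the brand list, the helper names and the `.example` URL in the test are assumptions chosen for illustration. HTTPS alone never clears a link, since the second fake page above had a valid certificate.

```python
from urllib.parse import urlsplit

# Assumption: official registrable domains; adjust to the services you use.
OFFICIAL = {"discord.com", "discord.gg", "steampowered.com", "steamcommunity.com"}
BRANDS = ("discord", "steam", "nitro")       # names that the lures imitate
LEET = str.maketrans("013457", "oleast")     # undo digit-for-letter swaps (nitr0)

def edit_distance(a, b):
    """Levenshtein distance with unit costs."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def fuzzy_contains(text, brand):
    """True if some window of text is within one edit of brand."""
    for size in (len(brand) - 1, len(brand), len(brand) + 1):
        for start in range(max(len(text) - size, 0) + 1):
            if edit_distance(text[start:start + size], brand) <= 1:
                return True
    return False

def check_link(url):
    """Return warnings for a link; an empty list means nothing was flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    # Naive registrable domain: last two labels (assumption: no co.uk-style suffixes).
    domain = ".".join(host.split(".")[-2:])
    if domain in OFFICIAL:
        return []
    host_plain = host.translate(LEET)
    path_plain = parts.path.lower().translate(LEET)
    hits = []
    for brand in BRANDS:
        # Short names match too many ordinary words fuzzily, so match them exactly.
        in_host = fuzzy_contains(host_plain, brand) if len(brand) >= 6 else brand in host_plain
        if in_host:
            hits.append(f"host imitates '{brand}'")
        if brand in path_plain:
            hits.append(f"path mentions '{brand}'")
    if hits and parts.scheme != "https":
        hits.append("no HTTPS")
    return hits

if __name__ == "__main__":
    print(check_link("http://discodintro.info/nitr0/steam"))  # link quoted in the post
```

The two-label domain rule is deliberately naive; a production filter would use the Public Suffix List to find the registrable domain.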
