In brief: Hackers have long favored email as a way of snaring victims in phishing traps, but modern platforms such as Twitter and Discord are becoming popular alternatives. The methods of grabbing users' credentials might be familiar to the more tech-savvy, but not everyone knows a scam when they see one, and some of these cons are pretty convincing.
As per The Register, Twitter users are being warned about direct messages informing them that their accounts have been reported for bad behavior. Meanwhile, Discord hackers are subjecting victims to an old scam in which they're told that an explicit photo or video of them has been uploaded to chat servers dedicated to shaming people.
As with similar social media hacks, clicking a link within one of these direct messages, which often come from compromised verified accounts, sends victims to what looks like a login page for Twitter. In reality, this is a page designed by criminals to steal user credentials. The fakes can appear extremely convincing; hackers use Twitter's APIs to include user profile pictures and to verify inputted passwords.
In the case of Discord, users are receiving invites to shaming servers. After clicking the link, they're asked to scan a QR code that will allow a bot to take over the victim's account and send the same message to everyone on that person's contact list.
These sorts of tricks might be familiar to Facebook users. Many of those on the platform, this writer included, have at some point received a message from a friend whose account has been hacked asking, "Is this you in this photo/video?" followed by a link. Many fall for it, resulting in the message being sent to even more users.
People are advised to follow the usual precautions to avoid being hacked: make sure 2FA is enabled, restrict friend requests/DMs, and always be wary of messages with links, even if they come from friends.