Discord account hacking explained

I had a talk with one of my friends about Discord account hacking, this talk started after he told me that he had received an Discord phishing attack. Luckily he was able to notice the attack, so of course, we started an discussion about Discord account hacking.

I have made this post on Discord account hacking to have you informed. In this post I will show you multiple Discord account hacking schemes that are doing the rounds and I will explain to you how you can keep your Discord account safe.


The Discord application is used for voice, video and text messaging. It is globally used by millions of people.

Discord account hacking explained

Cybercriminals and scammers make use of Discord phishing attacks to steal login credentials from unaware users. Some of these phishing attacks make use of sophisticated tricks to steal credentials.

Fake Discord login

Fake steam page opened

One of the phishing attacks claimed that an user can get additional Steam (Gaming platform) points via Discord. All they need to do is login. The cybercriminals behind this attack have created a fake Discord page which opens a fake Steam page.

Fake page opened in Discord phishing attack
Once a button is clicked on the phishing page, the following fake Steam login form is shown

The fake Steam page can be recognized by the eye as the browser URL contains the string “about:blank”. All of the hyperlinks on the fake Steam page actually do lead to the official Steam website, so I had to take a deeper look.

Source codes contains official Steam server, but the data is not sent there.

This Discord account hacking scheme tries to send my credentials towards the path ‘/63so/login/getrsakey/‘ and additionally it is also being sent towards ‘/dologin‘, none of them are actually communicating with the official Steam servers.

Data not sent towards official site

At this point, we can safely state, that once the victims pass this point, the cybercriminals or scammers have successfully obtained an Steam account via an Discord themed phishing attack.

This Discord phishing attack can by analyzed by you, you simply need to head towards this URLscan report.

Direct Discord account hacking

In the following Discord phishing scheme, the cybercriminals have crafted a login form which utilizes components of the official Discord site. The template is colorful and it tries to imitate the official login form of Discord.

Fake Discord login form
Discord phishing page, QR code login not working

In this scheme, the cybercriminals try to lure the users into filling the login form by having an faulty QR login.

Robot test by cybercriminals

The cybercriminals want to make sure that their victims are actually people and not automated processed made by cybersecurity vendors. They try to trick the cybersecurity vendors by including Captcha checks, this allows them to validate “human” logins while defending themselves against cybersecurity sensors.

Captcha used by cybercriminals
Captcha check performed by cybercriminals

Protect yourself

Being on the internet and utilizing solutions like Discord should be fun. You can have a lot of fun, but if you invest just a couple of minutes, you can quickly ensure that no logins will take place at your Discord account without your knowing.

  • Enable Two-factor authentication via Discord
  • Always double check the domain names
  • Only utilize the official Discord page for login
  • Never share your credentials
  • If it is too good to be true, it most likely is fake.