In short: Hackers have long used email as a way to lure victims into phishing traps, but modern platforms like Twitter and Discord are becoming popular alternatives. The methods for obtaining user credentials may be familiar to the more tech-savvy, but not everyone recognizes a scam when they see it, and some of these scams are quite convincing.
According to The Register, Twitter users are being warned about direct messages informing them that their accounts have been flagged for bad behavior. Meanwhile, hackers on Discord are luring victims with an old scam in which they are told that an apparent photo or video of themselves has been uploaded to chat servers designed to shame people.
As with similar social media hacks, clicking on a link in one of these direct messages, which often come from compromised verified accounts, sends victims to what appears to be the Twitter login page. It is actually a page created by criminals to steal user credentials. The fakes can look very convincing; hackers use Twitter’s APIs to include user profile images and validate entered passwords.
In the case of Discord, users receive invitations to infamous servers. After clicking on the link, they are asked to scan a QR code, which allows a bot to take over the victim’s account and send the same message to everyone in that person’s contact list.
Such tricks may be familiar to Facebook users. Many of the platform’s users, including this author, have at some point received a message from a friend whose account was hacked, asking: “Is that you in this photo/video?” followed by a link. Many fall for it, resulting in the message being sent to even more users.
People are advised to take the usual precautions to avoid being hacked: make sure two-factor authentication is enabled, limit friend requests/private messages, and always be wary of messages with links, even if they come from friends.
Credit: www.techspot.com