Analysis of a phishing link currently being shared on Discord
Published on January 17, 2022 by 0xRar
DFIR Phishing Analysis
This phishing scenario starts when the victim clicks on the link, accidentally or otherwise. It then spreads itself by sending the link to the victim's Discord friends and joined servers. The link did not ask the victim to enter credentials in order to send the link or steal any tokens or credentials. The lure is an offer of a free month of Discord Nitro, which costs $9.99 USD monthly, presented as if it was brought to you by Steam.
This way the attackers can spread the link through Discord and/or steal your Discord credentials and your Steam account credentials, potentially making a profit from your Steam inventory. The urlscan.io results also show that the link uses nextcord, a Discord API wrapper used to make Discord bots, so maybe it uses it to make an HTTP request to the server and send the harvested credentials via Discord, but that's just a possibility.
If you want to learn how to protect yourself, you can read this post on the Malwarebytes blog: https://blog.malwarebytes.com/scams/2021/10/discord-scammers-lure-victims-with-promise-of-free-nitro-subscriptions/
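For server moderators, the self-spreading behaviour described above (one account pushing the same Nitro-themed link into several channels and DMs) can be flagged with a small heuristic. This is an added example, not code from the original post: the official-domain list, the thresholds and the message tuple layout are assumptions, and the sample messages are constructed with placeholder `.example` hosts.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: the only hosts accepted for a genuine Nitro or Steam offer.
OFFICIAL = ("discord.com", "discord.gg", "discordapp.com",
            "steampowered.com", "steamcommunity.com")
URL_RE = re.compile(r"https?://[^\s<>]+", re.I)
LURE_RE = re.compile(r"\bnitro\b", re.I)

def is_official(host):
    host = host.lower().rstrip(".")  # exact domain or a true subdomain only
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def suspicious_links(text):
    """Links in a Nitro-themed message that point at a non-official host."""
    if not LURE_RE.search(text):
        return []
    found = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed URL: treat as untrusted
            host = ""
        if not is_official(host):
            found.append(url)
    return found

def find_spreaders(messages, min_channels=3, window=60):
    """Map author -> link when one link hits min_channels within window seconds."""
    posts = defaultdict(list)  # (author, link) -> [(timestamp, channel)]
    for ts, author, channel, text in messages:
        for link in suspicious_links(text):
            posts[(author, link)].append((ts, channel))
    flagged = {}
    for (author, link), seen in posts.items():
        seen.sort()
        for start, _ in seen:
            chans = {c for t, c in seen if 0 <= t - start <= window}
            if len(chans) >= min_channels:
                flagged[author] = link
                break
    return flagged

# Constructed sample: (unix_ts, author, channel, text); .example hosts are placeholders.
LURE = "Steam is giving away 1 month of Discord Nitro: https://nitro-gift.example/steam"
SAMPLE = [(100, "alice", "general", LURE), (105, "alice", "memes", LURE),
          (110, "alice", "dm-bob", LURE), (300, "dave", "general", LURE),
          (200, "carol", "general", "Nitro perks: https://discord.com/nitro")]
```

Calling `find_spreaders(SAMPLE)` flags only the account that posted the link to three channels within a minute; a single post of the same link, or a link to an official host, is not flagged as spreading.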