Free Nitro phishing scam

Yash Aryan

November 3, 2021

A new type of phishing promoted via Discord messages promises a free Nitro subscription if a user links their steam account, allowing hackers to steal game items or promote other scams. Multiple discord accounts are taking part in conducting these scams, controlled by threat actors, or as automated bots that send users links to what is supposed to be a guide on how to receive Discord Nitro for free. When the user clicks on the links, it takes them to a fake Steam login page which looks identical to the legitimate form. Whenever the credentials are entered onto this fake page, they get sent to the hacker’s server. While attempting to log in, an error is shown that tells the user that their credentials were incorrect, and re-prompts them to enter the password. This acts as a double-verification step for the hacker to make that the victim enters the right password both the times. The IDeX discord server of Manipal Academy of Higher Education, run by the Innovation Centre community, recently fell victim to this scam where a compromised account spammed multiple channels with Free Nitro promotional messages, much to the frustration of the channel admins, who spent long time deleting the messages, and the hundreds of members of the server alerted by mass pings.

Abridged fromBleeping Computer