@derp said in Don't Join Discord Servers!!!:
There's no whisking off to other sites and such, which would be a fairly obvious red flag
There kind of is, though; it's just subtle enough that it fools people.
Here's a good video explaining what's going on: https://www.youtube.com/watch?v=4JL8O-9IkcQ
Basically you get invited to a server (normal, no problem), but upon joining, a bot asks you to scan a QR code (which is just a link in another form) to verify yourself. The QR code/link then takes you to a confirmation prompt/page that says "do you trust this?" The hack happens when you click "yes I trust this" because it gives the bot access to your login credentials.
So there are actually two red flags here: One is the QR code (again, essentially a link) from an untrusted source, and two is the "do you trust this" warning prompt from Discord itself.
Now I realize that often these things come from a hacked friend's account, so you might not see it as an untrusted source. That's the nefarious part of so many phishing schemes. I'm not faulting people for falling victim. I'm just saying, "don't join Discord servers" is the wrong message. "Don't use Discord's QR scanning login" might be a better one, or "be wary of scammers trying to phish you by inviting you to servers". But let's be clear about what the actual problem is.
Incidentally this isn't new. The exploit has existed ever since Discord added the 'login with QR code' feature.