How to Protect Your Discord Server from Phishing Links

Phishing links — fake websites designed to steal Discord tokens or login credentials — are rampant on Discord. Here's how to stop them.

How Discord Phishing Works

Typical attack pattern:

1. A member's account is compromised
2. The attacker DMs all server members with a fake link ("free Nitro," "Steam trade offer")
3. Victims click, enter credentials, and their accounts are also compromised
4. The cycle repeats

AutoMod Link Filtering

Set up Discord AutoMod to block suspicious links:

1. Server Settings → AutoMod
2. Create a rule: "Block specific keywords"
3. Add known phishing domains (discord-nitro.com, steamcommunity.ru, etc.)
4. Action: Delete message + timeout sender for 1 hour

Also block:

• Links from accounts less than 7 days old
• Links from members who haven't verified yet

Bot Protection

Wick — Specialises in security and phishing detection:

• Automatically detects known phishing domains
• Quarantines suspicious accounts
• Alerts staff immediately

BeepBot / PhishermanAPI bots — Block links against community-maintained phishing databases.

Member Education

Pin a message in your server explaining:

⚠️ Discord Scam Warning
Discord will NEVER DM you about free Nitro.
Do NOT click links claiming:

"Free Discord Nitro"
"Steam account verification"
"Your account will be banned"

Report suspicious DMs to moderators immediately.

Responding to a Phishing Incident

1. Immediately ban the compromised account
2. Post a server-wide warning
3. Lock channels temporarily if the attack is ongoing
4. Advise members to enable 2FA and change passwords
5. Report the account to Discord Trust & Safety

A secure server builds trust with members — mention your security practices on Discords.ai.

Related: Discord Server Security Checklist · Discord Scam Prevention Guide