Security

Security is an important topic to discuss. If security measures are disregarded, your bot and/or account could be at risk of being hacked. This article will share tips about how you can keep your bot and account safe.

Sharing Tokens

Do not share token(s) with anyone. This includes both bot and regular user account tokens. Sharing your bot token with someone (or posting it publicly) grants them full-unlimited access to your editing bot. Sharing your user account token with someone (or posting it publicly) allows them to have full access to your account (even if they don't have your password or email). Once someone has your account or bot's token, there is a high chance of it being used for malicious purposes. For example, stealing personal info, spreading scams, modifying your bot to nuke/raid servers. The only thing you can do is regenerate your bot's token, but likely, the damage has already been done when you regenerate the token. You can't regenerate user account tokens, in such case you need to; you must contact Discord support for an optimal solution. So please, do not risk sharing your token(s) with anyone. The same applies to your account password, in such case you expose your account password; you should change it in user settings as soon as possible.
If your account is hacked, you should contact Discord for further assistance.

Account 2FA

Bot owners should consider enabling two-factor authentication on their accounts. Learn more about 2FA and why it's essential for bot owners.

Avoid Scams and Untrusted Links/Files

Scam (or "phishing") links put user’s accounts, personal information, and IP addresses in the hands of scammers and hackers. There's some good news, these scams are preventable! This section will discuss how to protect yourself and your friends from harmful scams.

  • Trusted Links are links that can be trusted to visit.
  • Untrusted Links are links that should be avoided.

This sub-section will breakdown how you identify trusted and untrusted links.

Does the link have a weird spelling?
If a link looks shortened or altered, that usually means it's an untrusted link. For example, discord.com is the official Discord site; while something like dlscird.com is not.

Is it out of context?
If a user sends you a link that is out of context of your previous discussions (or if you've never talked to them) then you can bet on it being untrustworthy.

Was the link sent by a friend?
At first glimpse, you'd assume this makes the link more trustworthy. But, it could be that their account has been compromised, so still, be careful when clicking links from friends.

Too good to be true?
Free Nitro scams are extremely common. If you get a DM from a random user/bot telling you that you won something or can earn Nitro, just disregard it.

Asking for your password/user token?
If a site is asking for your Discord account information—don't input it. You should only share your Discord password via Discord's official login page. Discord will never ask for your user token.

System Messages

If a message is official by Discord, there will be a 'system' badge next to the system user's name, like:
image

The following is a list of all official Discord links that are operated by Discord themselves. discordapp.com, discordapp.net, discord.com, discord.dev, discord.new, discord.gift, discord.gifts, discord.media, discord.gg, discord.co, discord.app, dis.gd, watchanimeattheoffice.com

Common Scams

ex1
This scam is using a phishing "steam community" URL, to potentially steal your account details.

ex2
Inviting the bot will cause your server members to be mass DMed, with the same/similar message you got. Also, Nitro Generators break Discord ToS.

ex3
"I reported your steam account on an accident" scam.

Files

Files are like links, treat them with the same care. Avoid downloading non-image/text files. And, don't fall for these types of scams:
image

Maintain a Safe Account

Keep in mind, if your account gets hacked; said hacker will have access to all your bots and their tokens. For more info about setting up a secure account, read Discord's Support Article.

Summary

Never share your account token or password with anyone, the same stands for your bot token(s). Do not visit untrusted sites or download untrusted files. Keep your account safe, as if your account gets hacked; then your bot(s) could be hacked as well. Thank you for reading this article, hopefully, you found these tips helpful.