Fake IT Helpdesk Credential Scams on Discord
Attackers use Discord to contact employees of tech companies and gaming studios, impersonating internal IT or security teams to harvest work credentials under the guise of urgent account actions.
Last reviewed: 1 June 2026
Many technology companies, game studios, and creative agencies use Discord as an internal communication tool or maintain an active presence in gaming and developer communities. Attackers target employees by joining the same Discord servers and establishing contact as apparent colleagues or IT support staff.
The casual, community-focused atmosphere of Discord can lead employees to assess credential requests less formally than they would in a corporate email.
How this scam works on Discord
An attacker joins a Discord server used by employees of a target company — either a public community server or a server they gain access to through social engineering. They identify an employee, establish a rapport over time, and then DM the target claiming to be from IT security, saying a VPN or work account needs re-verification.
The message includes a link to what appears to be an internal login portal. When the employee enters their credentials, the attacker receives them in real time and uses them to access corporate systems. MFA codes may be intercepted through a real-time phishing proxy that forwards the authentication request.
Alternatively, the attacker posts in a general channel claiming an urgent IT announcement, directing all members to verify their accounts through a malicious link.
Common red flags
- Discord DM or channel post from an account claiming to be your company's IT or security team
- Request for work account credentials or MFA codes via a Discord message
- Link to a login portal sent via Discord rather than through official internal communication
- Attacker account that joined the server recently or has limited posting history
- Urgent framing about a security incident requiring immediate credential verification
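For server moderators or a security team that reviews exported messages, the red flags above can be checked mechanically. The following is an added example, not part of the original page: the `Message` fields, keyword patterns, 14-day threshold and the `sso.example.com` allow-list are assumptions, and the exact-host comparison is an extra check beyond the page's list.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Assumed values for this example: official SSO host, keyword lists, 14-day window.
OFFICIAL_LOGIN_HOSTS = {"sso.example.com"}
NEW_MEMBER_WINDOW = timedelta(days=14)
IT_CLAIM = re.compile(r"\b(it|security)\s+(team|support|helpdesk|desk)\b|\bhelpdesk\b", re.I)
CREDENTIAL_ASK = re.compile(r"\b(password|credentials?|mfa|2fa|verification code|re-?verif\w*|log ?in)\b", re.I)
URGENCY = re.compile(r"\b(urgent\w*|immediately|right away|suspended|locked)\b", re.I)
URL = re.compile(r"https?://[^\s<>]+", re.I)

@dataclass
class Message:  # hypothetical record built from a moderation export
    author_joined: datetime  # when the author joined the server
    sent_at: datetime
    text: str

def red_flags(msg: Message) -> list[str]:
    """Return which red flags a message matches, in the order the page lists them."""
    flags = []
    if IT_CLAIM.search(msg.text):
        flags.append("claims_it_or_security")
    if CREDENTIAL_ASK.search(msg.text):
        flags.append("asks_for_credentials_or_mfa")
    hosts = [(urlparse(u).hostname or "").lower() for u in URL.findall(msg.text)]
    if hosts:
        flags.append("link_sent_via_discord")
    # Exact host match: a lookalike that merely starts with the real name fails.
    if any(h not in OFFICIAL_LOGIN_HOSTS for h in hosts):
        flags.append("link_host_not_official")
    if msg.sent_at - msg.author_joined < NEW_MEMBER_WINDOW:
        flags.append("recently_joined_account")
    if URGENCY.search(msg.text):
        flags.append("urgent_framing")
    return flags

def should_escalate(msg: Message) -> bool:
    """Escalate when a credential request co-occurs with at least one other flag."""
    flags = red_flags(msg)
    return "asks_for_credentials_or_mfa" in flags and len(flags) >= 2

# Constructed sample messages, not real data.
NOW = datetime(2026, 6, 1, 12, 0)
SUSPICIOUS = Message(NOW - timedelta(days=3), NOW,
    "Hi, IT security team here. Your VPN account must be re-verified immediately: "
    "https://sso.example.com.login-check.test/vpn")
BENIGN = Message(NOW - timedelta(days=400), NOW, "Patch notes are up, build 1.4 ships Friday.")
```

Keyword matching like this will produce false positives, so treat a hit as a prompt for human review rather than an automatic ban.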
How to protect yourself
- Verify any security or credential request through your company's official IT helpdesk — never via Discord
- Do not click work login links sent in Discord messages
- Report suspicious accounts to the server moderators and your IT security team
- Enable multi-factor authentication on all work accounts to limit the damage if credentials are stolen
- Advocate for server security policies that prohibit credential requests via Discord
How to report it
- Right-click the Discord account and select 'Report' to flag it to Discord Trust & Safety
- Alert server moderators and your corporate IT security team
- Report to your national cybercrime authority if corporate accounts were breached
Frequently asked questions
Should companies allow employees to discuss work matters in public Discord servers?
Security policies vary, but employees should be trained to treat any credential request in any messaging platform as potentially fraudulent, regardless of how trusted the server or the contact appears. Corporate credential requests should always be verified through internal systems.