Game Account Takeover Scams on Discord
Attackers use Discord DMs, phishing bots, and fake support servers to steal game account credentials or authentication tokens, locking legitimate owners out and reselling or draining the accounts.
Last reviewed: 1 June 2026
Game accounts with rare items, high ranks, or accumulated in-game currency have real monetary value on underground markets. Discord's ubiquity in gaming communities means attackers can reach millions of players with fraudulent account-recovery, staff-impersonation, or trading-related pretexts that all ultimately aim to capture login credentials or session tokens.
Because Discord is considered a trusted communication layer for gaming, players are far less cautious about links shared there than they would be about unsolicited emails. A message arriving in the same channel where a guild discusses strategy is processed with far less scepticism than a cold outreach from an unknown sender.
How this scam works on Discord
One common method involves a fake 'game security team' DM claiming the recipient's account has been flagged for suspicious activity. The message provides a link to a spoofed login page and urges the player to 'verify' their identity within a short time window or face a permanent ban. Players who log in on the fake page immediately lose access.
A second vector exploits Discord's authorisation flow. A malicious bot invites users to connect their gaming account to it in exchange for a reward. The OAuth permissions requested include account management scopes that allow the attacker to change the email and password, effectively locking the real owner out.
Trading-related account theft is also widespread: a buyer offers to pay for a high-value game account and requests a 'test login' to verify the account before completing payment. Once they have the credentials, they simply change the password and disappear.
Common red flags
- Unsolicited DM from a user claiming to be from a game's security or support team
- Link leads to a site that looks like your game's login page but has a different domain
- Bot requesting unusually broad OAuth permissions including account settings or email access
- Urgent language warning that your account will be banned if you do not act within minutes
- Offer to buy or trade an account — sharing credentials violates most game terms of service and enables theft
- Request for your two-factor authentication code or recovery backup codes
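The lookalike-domain and broad-permission red flags above can be checked mechanically before anyone clicks. The following Python is an added example, not part of the original page; the domain game.example, the scope names and the sample links are constructed placeholders to be replaced with the publisher's real values.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed placeholders: use the publisher's real login domains and the
# scopes a reward bot could legitimately need.
OFFICIAL_DOMAINS = {"game.example", "accounts.game.example"}
EXPECTED_SCOPES = {"profile.read"}  # hypothetical scope name


def host_is_official(host, official=OFFICIAL_DOMAINS):
    """Exact match or true subdomain only; 'notgame.example' must fail."""
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in official)


def review_link(url):
    """Return the red flags found in a link received over Discord."""
    flags = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        flags.append("not https")
    if parts.username is not None:
        # In https://game.example@other.test/ the real host is other.test.
        flags.append("userinfo before '@' hides the real host")
    if not host.isascii() or "xn--" in host:
        flags.append("internationalised host (possible lookalike characters)")
    if not host_is_official(host):
        flags.append(f"host {host!r} is not an official domain")
    # OAuth authorisation links carry space-separated scopes in ?scope=
    requested = set(" ".join(parse_qs(parts.query).get("scope", [])).split())
    extra = sorted(requested - EXPECTED_SCOPES)
    if extra:
        flags.append("scopes beyond expected: " + ", ".join(extra))
    return flags


# Constructed sample links, not taken from any real campaign.
SAMPLES = [
    "https://accounts.game.example/login",
    "https://accounts.game.example.verify-login.test/login",
    "https://game.example@login-check.test/",
    "https://accounts.game.example/oauth/authorize?client_id=1"
    "&scope=profile.read+account.manage+email.write",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", review_link(link) or "no flags")
```

The official domain appearing at the start of a hostname or before an `@` does not make the link official; only the rightmost labels of the parsed host decide where the browser goes.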
How to protect yourself
- Enable two-factor authentication on both your game account and your Discord account using an authenticator app rather than SMS where possible
- Never share your authentication code, backup codes, or session cookie with anyone, regardless of the reason given
- Access game support only through the official website — not through a Discord link or DM
- Audit the OAuth applications connected to your Discord account regularly and revoke any you do not recognise
- Use a unique, strong password for each gaming platform so a single compromise does not cascade
- Check that any trading partner is verified through the game's official trade system rather than a verbal or Discord-only agreement
How to report it
- Report the malicious account or bot to Discord Trust and Safety using the right-click report menu
- Contact the game publisher's official account recovery team immediately if your account has been taken over
- File a report with your national cybercrime authority if money was lost in connection with the account theft
Frequently asked questions
Can I recover a game account taken over through a Discord phishing attack?
Recovery is possible but not guaranteed. Contact the game publisher's account security team immediately with proof of original ownership, such as the email used at registration, purchase receipts, or device history. The sooner you report the takeover, the better your chances.