Discord is an online communication and digital content platform that has found popularity since its inception in 2016. 150 million monthly users leverage the platform to communicate with friends and communities by voice, instant messaging, and by sharing other forms of digital content. Although Discord has been historically popular amongst gamers, as the platform continues to grow so has the diversity of its communities. This has been especially evident throughout the recent pandemic where Discord has become a popular platform for teachers to connect with their students and students to connect with their peers.
As Discord becomes more widely adopted, the likelihood of bad actors abusing the service also increases. This should not discourage the use of the service but rather encourage the use of cyber best practices to keep yourself, friends, and communities safe. Consider following these safety tips when using Discord and other online services.
Do not share personal information. When you first create a Discord account, you choose a username that becomes your identity while using the service. As most Discord communities are anonymous, do not share your personal information with others, especially when using a public internet network. Personal information includes your real name, address, email, phone numbers, and social media accounts. In the wrong hands, this information can be used for malicious purposes to cause harm to yourself or others.
Use multifactor authentication. To keep your account safe and provide an additional layer of security, enable multifactor authentication for Discord. Multifactor authentication requires an additional device to verify that you are who you say you are. Instead of only logging in by using a username and password, Discord will confirm that you are who you say you are by sending you an alert to your mobile device that you must accept. Enabling multifactor authentication dramatically decreases the likelihood of your account being compromised!
Be skeptical of links and files shared in Discord. Phishing is a commonly used tactic by bad actors to get victims to click on harmful links or download malicious files. Bad actors often attempt to obfuscate their malicious links and files by making them appear harmless. Unfortunately, phishing and other forms of social engineering are the most common methods of compromise and to avoid becoming a victim requires skepticism by the user. This is especially true when participating in public Discord communities but should also be followed when participating in private communities, as you never know when a friend’s account may have been compromised.
Check your Discord privacy settingsand ensure they are appropriately set. To review and update your privacy settings, navigate to Settings then “Privacy & Safety”. Consider changing your settings to match the following:
- Safe direct messaging – Set to “Keep me safe”. This setting scans and deletes all direct messages that you receive that contain explicit media content.
- Who can add you as a friend – Disable the “Everyone” option. This setting will keep strangers from adding you as a friend.
- Server privacy defaults – Disable the “Allow direct messages from server members” option. This setting will not allow strangers to direct message you.
Use strong passwords. When creating a password for Discord, do not use the same password that you use for other services. Create a unique, strong password that only you know.
Consider using a VPN. Your IP address provides information about who and where you are. By using a Virtual Private Network (VPN), you can change your IP address to appear as though you are in another area of the world and your personal information will no longer be associated.
Have questions? Contact the Information Security Office by emailing security@ohio.edu or calling 740-566-SAFE (7233).