Today, on the 27th of March 2021, The Coding Den was subjected to a social engineering attack that led to a brief hostile takeover of the server before the situation was brought under control by staff. We are sharing this statement as a public service announcement on the methodology used in the scam and possible remediations to prevent it, in order to help other staff teams avoid becoming victims of it.
The attack proceeds as follows:
- The attacker will look for a staff member who is presently offline. This makes it appear as if the staff member's account was globally banned and forcibly booted offline.
- It is in the attacker's interest to choose a target with the highest possible privileges (to do the maximum amount of damage), meaning that they will likely prefer administrators over moderators and so forth.
- The attacker will create a new Discord account with the same name and profile picture as the target.
- The attacker will approach a staff member, claiming