Obsidian Fleet’s Discord Server recently experienced a level-one hullabaloo when a phishing scam compromised some of our members’ discord accounts (June 16th and 17th). Our organization has come to rely on Discord for self organization, for interconnection, and for day-to-day shooting of the breeze. The incursion was described by one person as something like a buzz saw, cutting through our shared community. Other RPG organizations likewise experienced a simultaneous scam attack among their Discord servers. As we communicated, we were able to exchange this information.
We would especially like to thank the other server owners and Fleet leadership in the adjacent RPG community for acting quickly and in concert together to contain the scammer(s); with every account the scam compromised it had the potential of exposing more and more of our inter-connected members who share mutual friends and mutual servers.
As far as we are aware at this time, there were unfortunately six accounts in our greater community which were compromised by the scam. Although the compromised accounts had to be contained and removed from our servers, we are holding out hope that the affected players can recover their compromised Discord accounts.
Nikki (a Fleet Council Member here at OF) would like to extend our sincere and special thanks to:
-Skyward who first raised the alarm in OF’s server (stay cynical my friend!)
-Ken Gillis from Independence Fleet and The Simming League especially for his concise directions on this specific kind of scam which he posted quickly and broadly. Your advisement was truly excellent, thank you.
-Beth from Sim Central who was quick to inform and supply confirmation of compromised accounts and who volunteered screenshots demonstrating the scammer’s script.
-Hosts at Khitomer Conference
-MamaDuck from Theta Fleet
-Kate and TheOldMan at 16th Fleet
-CoffeeAddict of The Infinite Pantheon and Star Trek Fan Fiction Writers
I’m sure there were others beyond my own contact list who acted and communicated as the message was passed on and the warnings published to our announcement channels. My thanks to everyone in our wider network who took action. It was like forming a digital fireline!
The scammer was attempting to obtain account and banking data from players by convincing them (often through the skinsuit of the friend’s account they had stolen) that they had been reported and telling them in order to resolve the issue they needed to work with another account in DMs. The scammer made it feel urgent, as if by not acting, the account would be lost. Discord will never do this. Discord has a ticket system through the official website. Never give out your passwords or auth codes, never change your account’s email to one someone else is trying to pressure you to for seemingly technical purposes. Never give banking information over a DM in Discord.
Thank you additionally to all of our Obsidian Fleet GMs who responded swiftly to remove the compromised accounts from individual game servers and limit the scam’s reach among the other members of the community. Thank you to other fleets and server owners who got the message and acted immediately and reported back any suspicious activity they had heard of.
We sincerely hope the players affected are able to recover and we advise everyone to be understanding as they return to their fleet and game servers with new discord handles.
This experience reminds us all to stay vigilant and not to think that you’re too smart to get caught unawares or at a time of vulnerability. Phishing scams cast broad nets designed to pressure people into playing into them. As the dust from the damage settles, don’t let the scam do further damage to friendships via either paranoia that everyone is a scammer OR by naively believing you would never get taken in by one. Ironically you’ll be safer if you remember you’re human and susceptible at times too.
If you think someone from the RPG community has an account that a scam is being conducted from, please screenshot the DM and share it with a mod or leader in your fleet. They will intuit if an alarm needs to be raised (for instance, if they are hearing of others receiving the same scam). It’s better to contain the compromised account than just to ignore it and allow it to continue trying to use mutual friends and mutual servers to try to find someone at a weak moment to take advantage of.
This fire drill and the unity that came up in addressing the problem reminds us all that beyond quibbles and differences, we really do care and want to keep each other safe and able to play and to enjoy one another’s company.
Stay frosty. Have compassion.
~nikki, OF Council-member-at-large