Privacy Ninja



Beware: Free Discord Nitro Phishing Targets Steam Gamers

A new Steam phishing campaign promoted via Discord messages promises a free Nitro subscription if users link their Steam account, which the hackers then use to steal game items or promote other scams.

The phishing scam is being conducted through many Discord accounts, either controlled by the threat actors or run as automated bots, that send other users links to what is supposedly a guide on how to receive Discord Nitro for free.

“See, here free nitro 1 month, just link your Steam account and enjoy,” read the phishing messages sent to Discord users, as shown below.

Baiting victims with direct messages on Discord
Source: Malwarebytes

While this sounds like a promotional campaign (other than the grammar), the links take victims to a phishing site that the attackers made to look like a legitimate Discord page promoting the Nitro feature.

After clicking on the “Get Nitro” button, a fake Steam login form is displayed, which looks almost identical to the legitimate form. 

In reality, the pop-up is a new window opened right on the phishing page, so whatever Steam credentials are entered are sent directly to the hacker’s server.

Fake Steam sign-in pop-up on the phishing site
Source: Malwarebytes

When attempting to log in, victims are shown an error saying, “The account name or password that you have entered is incorrect,” and are prompted to log in again.

This double-verification method ensures that no typing errors were made during the phishing process and that the stolen credentials are correct.

Nitro as bait

Discord Nitro is a paid membership plan on the popular VoIP and instant messaging platform, which comes with a set of highly sought-after account customization, content uploading, and server boost perks.

Such is the popularity of Nitro that we’ve seen malware strains distributed using the same bait and even ransomware gangs asking for Nitro gift codes in return for a working decryptor.

The latest scam analyzed by Malwarebytes is very similar to the one seen by BleepingComputer in the Summer of 2019. However, with that scam, threat actors used a “free game” as bait to serve victims with a fake Steam single sign-on page.

As these landing URLs get reported and blacklisted, actors register new ones and move their malicious operations to new infrastructure, as shown by the list below shared by Malwarebytes.

Domains used in the recent campaign.
Source: Malwarebytes

Similarly, phishing lures change constantly, with new ones designed to intrigue gamers with the promise of something free.

With that said, when using Discord, users should be suspicious of any messages claiming to offer something for free if they click on a URL.

Nothing is offered for free outside the platforms themselves, so if Steam and Discord ran a promotional campaign together, you would see it on the respective official apps/websites.
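For server moderators, the advice above can be turned into a simple message filter. The following is an added example, not code from Malwarebytes or the original article: it flags messages that combine the lure wording quoted earlier with a link whose host is not an official Discord or Steam domain. The allowlist, the function names and the sample messages (on the reserved `.example` TLD) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of official domains; extend it for your own server.
OFFICIAL_DOMAINS = {"discord.com", "discord.gg", "discordapp.com",
                    "steampowered.com", "steamcommunity.com"}
# Lure vocabulary based on the phishing message quoted in the article.
LURE_WORDS = re.compile(r"\b(free|nitro|steam|gift)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def is_official(host: str) -> bool:
    """True only for an official domain or a real subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def suspicious_links(message: str) -> list[str]:
    """Return non-official hosts linked from a message that uses lure wording."""
    lures = {w.lower() for w in LURE_WORDS.findall(message)}
    if len(lures) < 2:          # one keyword alone is too noisy to act on
        return []
    flagged = []
    for url in URL_RE.findall(message):
        url = url.rstrip(".,;:!?)")   # drop sentence punctuation after the link
        try:
            # .hostname ignores any "user@" prefix, so the real target is checked
            host = urlsplit(url).hostname or ""
        except ValueError:            # malformed URL: treat as suspicious
            host = url
        if not is_official(host):
            flagged.append(host)
    return flagged


# Constructed sample messages (not taken from the campaign).
SAMPLES = [
    "See, here free nitro 1 month, just link your Steam account and enjoy "
    "https://discord.com.nitro-gift.example/steam",
    "Free Nitro trial details are at https://discord.com/nitro, enjoy",
    "Steam free weekend: https://store.steampowered.com@login-steam.example/",
    "Patch notes are up at https://blog.example/post",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(suspicious_links(msg), "<-", msg)
```

The first and third samples are flagged because the official name appears only as a subdomain prefix or as URL userinfo, while the host actually contacted is something else.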


