There has been an increase in malicious urls and files being spread around Discord lately.
Your account is worth WAY more than you think! A good Discord account could be worth hundreds, if not thousands, to the right person. Trusted community members, administrators of servers, people with lots of friends, and more are great targets for any attack. Anything they can do to spread their malware/scam with some sort of legitimacy to trick users.
Secure your account with 2FA. This will protect against Phishing in some way as they won't have the 2FA token to login as, unless they implement that as well in the form. When entering your username and password somewhere, make sure the address bar reads "discord.com" and NOTHING ELSE.
When you see a URL offering free Nitro that isn't claimable FROM DISCORD ITSELF (with an "Accept" button that doesn't open a browser), it's likely fake. They use tricks like typos (discorcl, dissord, ddiscord, etc) to try to get users to visit a bad URL. This is called a Phishing attack.
When you receive one in DM, please report the user and dm using the "Report" button at the top of the new DM. If you see one in a server that Astra has missed, please contact me using the official Discord server and let me know!
Your friends (yes, your friends!) will send you a file, asking you to test out their super awesome new game. Usually, this'll be an exe file, or a link to something like a website, or itch.io. These files, when run, will steal your login token and send it to the attackers. When used, all of your friends will get a message with the same, attempting to spread it further and further across the Internet to more unsuspecting victims.
If a friend sends you a file like this, please contact them outside of Discord and let them know that their account is compromised.