Fake-Moderator Phishing: Account-Takeover Scams Impersonating Reddit Staff
- Vector
- phishing
- Severity
- moderate
- Data exposed
- Targeted users' Reddit credentials and second-factor codes via fake 'verification' pages
- Attacker
- Various scam operators
- Disclosed
- 2024-01-01
- Date
- 2024-01-01
What happened
A persistent, Reddit-specific phishing pattern involves scammers impersonating moderators or an 'official' review team and privately messaging users with urgent warnings about bans or required 'verification.' Victims are pushed to fake Reddit verification or appeal pages that harvest their username, password and two-factor codes, leading to account takeover. The scams favor large, busy subreddits and frequently target new accounts or people posting about sensitive topics. Security guidance notes that legitimate moderators are listed in the subreddit sidebar and never pressure users through private messages, and recommends locking down inbox and chat settings and enabling app-based two-factor authentication. The technique mirrors the credential-and-token theft used against employees in larger Reddit breaches.
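The red flags described above (a sender claiming moderator or staff status who is not on the subreddit's listed moderator roster, ban or 'verification' urgency, an off-platform link, and a request for a password or second-factor code) can be turned into a simple triage heuristic for private messages. This is an added example, not code from the original page; the moderator roster, the legitimate-host list, the lure phrases and the two sample messages are all constructed for illustration.

```python
"""Heuristic triage of Reddit private messages for the fake-moderator pattern."""
import re
from urllib.parse import urlparse

# Constructed moderator roster for a hypothetical subreddit (assumption);
# in practice this comes from the subreddit's sidebar / about page.
MODERATORS = {"helpful_mod", "sub_admin_jane"}

# Hosts that genuinely belong to Reddit (assumption: extend as needed).
LEGIT_HOSTS = ("reddit.com", "redd.it")

CLAIMS_STAFF = re.compile(r"\b(moderator|mod team|review team|reddit staff)\b", re.I)
URGENCY = re.compile(r"\b(ban(ned)?|suspend(ed)?|verif(y|ication)|appeal|24 hours|immediately)\b", re.I)
CREDENTIALS = re.compile(r"\b(password|2fa|two[- ]factor|code)\b", re.I)
URL_RE = re.compile(r"https?://[^\s)>\]]+", re.I)


def is_legit_host(url: str) -> bool:
    """True only for reddit.com / redd.it or their subdomains.

    A lookalike such as reddit.com.evil.example fails because the
    comparison is on the full hostname, not on a substring."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in LEGIT_HOSTS)


def triage_message(sender: str, body: str, moderators=MODERATORS) -> dict:
    """Return the red flags found in one private message."""
    flags = []
    listed = {m.lower() for m in moderators}
    if CLAIMS_STAFF.search(body) and sender.lower() not in listed:
        flags.append("claims_mod_but_not_listed")
    if URGENCY.search(body):
        flags.append("urgency_or_verification_language")
    for url in URL_RE.findall(body):
        if not is_legit_host(url):
            flags.append(f"off_platform_link:{urlparse(url).hostname}")
    if CREDENTIALS.search(body):
        flags.append("asks_for_credentials_or_2fa")
    # Two or more independent signals is the (arbitrary) escalation threshold.
    return {"sender": sender, "flags": flags, "suspicious": len(flags) >= 2}


# Constructed sample messages: one benign, one matching the scam pattern.
SAMPLES = [
    ("helpful_mod", "Hi, the mod team approved your post. Thanks!"),
    ("reddit_review_team",
     "Reddit review team here: your account will be banned in 24 hours unless "
     "you verify at https://reddit-verify-appeals.example/login and enter your 2FA code."),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(triage_message(sender, body))
```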