Depends a lot on your threat model, of course, but here’s what I do:
use a temporary (but recoverable) email
use smspool or similar to verify my phone for less than a dollar
run Discord in a hardened Firefox profile (hardened browser settings + uBlock)
turn everything relevant off in Discord settings just in case
don’t share PII in conversation
use a VPN (or Tor)
Using a hardened browser and not giving them your real phone are likely the most effective steps, everything else is either less relevant or overkill. As I said, depends a lot on your threat model and on your requirements (some things may be unachievable if you’re forced to use Discord by your employer, for example).