What the user sees
The lure as presented
- A server message or DM advertises an NSFW Discord server.
- After joining, the victim is asked to verify with a button, QR code, or external page.
- A familiar sender may already be compromised.
What happens behind the scenes
What the attacker is trying to obtain
1Invite link
2Verify or scan QR
3Session capture
4Account control
- The flow abuses QR login or OAuth consent to obtain control over the account state.
- Authorized apps may gain permissions such as joining servers on the user's behalf.
If you fell for it
What to do first
- 1Change the Discord password and log out all sessions.
- 2Remove suspicious entries from Authorized Apps.
- 3Change reused passwords and warn people who may have received links from the account.
How to avoid it
Where to stop before damage
- Do not continue through server invites or verification flows you do not trust.
- Treat QR codes as possible login actions, not harmless images.
- Ask a trusted person to check a suspicious link before interacting with it.