1.

What the user sees

The lure as presented

  • A server message or DM advertises an NSFW Discord server.
  • After joining, the victim is asked to verify with a button, QR code, or external page.
  • A familiar sender may already be compromised.
2.

What happens behind the scenes

What the attacker is trying to obtain

1Invite link
2Verify or scan QR
3Session capture
4Account control
  • The flow abuses QR login or OAuth consent to obtain control over the account state.
  • Authorized apps may gain permissions such as joining servers on the user's behalf.
1.

If you fell for it

What to do first

  1. 1
    Change the Discord password and log out all sessions.
  2. 2
    Remove suspicious entries from Authorized Apps.
  3. 3
    Change reused passwords and warn people who may have received links from the account.
2.

How to avoid it

Where to stop before damage

  • Do not continue through server invites or verification flows you do not trust.
  • Treat QR codes as possible login actions, not harmless images.
  • Ask a trusted person to check a suspicious link before interacting with it.