Nitro / Boost Giveaway Scam

Got a DM from a bot or user that says you won free nitro or boosts? It's most likely a scam.

How it works:

1. A bot DMs you with a what seems to be a nitro gift.
2. The button to claim links to a different website that prompts you to login to your Discord account.

❓ Can you spot the difference between the two attached images?

The real nitro has the claim button as part of the embed, not a button below it.

Main Takeaways

1. The button to claim nitro or boosts will never be below the embed.
2. If you do happen to click a link that asks you to login, always double check you are on discord.com, not a website that is similar.
3. Verified bots do not guarantee that everything they send is real. Many times these are from hacked bots.

Discord gift link awareness
This is not about a scam, but this is just for more information around it.

Some of you may have seen a discord gift invite that doesn't seem like a typical Nitro gift, but rather for something like "Nerd" with a nerd emoji and gif when hovering.

While this is a legitimate Discord gift, it's for a game and not for nitro!

Background Info
Discord used to have a game store where developers can sell games. This store has closed in 2019 and you can no longer purchase games on it. (blog post relating to it: https://discord.com/blog/whats-coming-for-nitro)

Developers can still create a gift link for their game, which is what you see shared. If you click on the embed instead of the link, it will open the store page which shows that it is a game.

Oh no I accidentally reported your Discord account!

❓ Have you received a DM from someone saying they have accidentally reported your account and your account may be suspended?

They will send a screenshot of an email that claims your account will be banned if you don't friend & message a fake Discord security/staff member. This is not Discord staff and they will attempt to steal your information/account.

What happens if you DM them? They may tell you to change your account's email to theirs as a way to "verify" your account. This will give them access to your account.

Note: This is a similar scam to an older common steam scam. If you're familiar with that, it's the same as that but with your Discord account instead of Steam.

Things to remember

1. Scams typically pressure you with sense of urgency. - Don't let anyone rush you to do things related to your Discord account.
2. Scammers now will act sorry to make you more trusting. - They might send a lot of sad emojis or sad gifs. Always be wary of messages from people you do not know.
3. Discord support will never be through Discord messages. - Anyone can make an account with a name and profile picture that looks like staff.
4. Do not change your email to someone else's - If someone asks you to change your account email, this will give them access to your account. This is never going to be a real way to verify accounts.
5. Someone truly accidentally reporting you will not result in any harm.

Examples

Attached are real examples of messages sent for this scam. Note the pressure of urgency and apologetic messages.

🛡️ ❌ Fake Verification Bots

This is commonly found on fake NSFW servers. If you join a server and they require you to verify your account, it is very likely it's a phishing website.

❓ What's a phishing website?

A phishing site is a fake website that is made to look like another one to steal information like your login information.

Anyone can make their own website look like another one, so always double check when you enter in sensitive information like your login info. Your information will be sent to malicious people instead of Discord.

🤔 How do I avoid them?

The most important thing is to always double check the website you are on before entering your email and password.

• Make sure you are on discord.com and not any other website!
• Bot or "protection" websites are not an exception and will be bad if it shows you a Discord login page.

🫣 What does it look like?

Below are annotated screenshots of what a fake verification bot looks like, along with a fake Discord login website that is not on discord.com.

Note: There are NSFW terms shown in the screenshots but no NSFW material.

Steam Phishing Scams

This is the most common scam we are seeing right now. Most are blocked by our server AutoMod rules, but you may see them in other servers or when they occasionally get through.

🎭 How it works

1. You see someone offering a $20 or $50 Steam gift or similar rewards.
2. The message includes a fake Steam login link that looks real but has a slightly different URL (e.g., steamscommunuty.com instead of steamcommunity.com)
3. If you enter your Steam login details, scammers steal your account and can lock you out.

🚩 How to avoid phishing scams

🔎 Look out for red flags!

• Too Good to Be True – Free money? Free Steam credit? Free Discord Nitro? Anything free is nearly always a scam, especially if you didn't enter giveaways or events.
• Masked URLs - Links you see on Discord could go to a different one. For example, this link: discord.com looks like it goes to Discord, but it is actually different website. In this example, it goes to YouTube, but scammers can make it go to a phishing website.
• Suspicious Links – Always double-check URLs after you open them in your browser. Fake ones have extra letters, misspellings, or weird domains.
• Urgency & Pings – Scammers want you to act fast without thinking.

🕵️ What do the phishing messages and sites look like?

Please check out the screenshots below - Recognizing what they look like is very helpful to avoid falling for them.
What's in the screenshots?

• Phishing scam messages
• Steam phishing site example
• Video of how to tell if it's a fake login window

🛡️ Stay Safe

✅ Never Click Suspicious Links – If you want to login to a website like Discord or Steam, navigate to the website yourself instead of using someone's link. If you click on any suspicious links, do not enter any login information.
✅ Check the Sender – If a friend sends a strange message, ask them directly on a different platform if you are able to. They might be hacked.
✅ Report & Block Scammers – Right-click the message, click "Report Spam", report it to us in @serene turtle, then block the sender.

Uncertain if something is a scam or not? Please don't hesitate to ask us by messaging @serene turtle .

🔒 2FA and Passkeys

You’ve probably heard people say to enable 2FA (2 factor authentication) on your Discord account. But what does 2FA actually protect you from?

There are also passkeys, security keys, and passwordless logins on Discord -- if you haven't set them up already, here's why you should!

🛡️ What is 2FA?

2FA (Two-Factor Authentication) adds an extra step to log in. After you enter your password, you need a code from an app (like Google Authenticator or Authy). It’s like a second lock on your account.

✅ What 2FA Actually Protects You From

1. Reused Passwords – If you use the same password on Netflix and Discord, hackers who steal one can’t access both if you have 2FA.
2. Leaked Passwords – If your password gets exposed in a data breach (check haveibeenpwned.com), 2FA blocks hackers from trying those passwords logging in as they don't have the second code.

❌ What 2FA Doesn’t Protect You From

Phishing Scams
Like the Steam scams above, phishing sites are fake sites that ask you to login. Once you enter your password, they simply also ask for your 2FA code like a typical login and take over your account.

Example:

1. You click a fake Discord link
2. Enter your password
3. Enter your 2FA code
4. Scammer steals it and logs in before you realize the site was fake.

🔑 What Are Passkeys?

Passkeys (aka “passwordless logins”) are fairly new. They replace passwords and 2FA codes with a secure digital key stored on your device (like your phone) or in a password manager (e.g. Bitwarden).

How it works:

• You log in with a fingerprint, face scan, or PIN.
• No passwords = nothing for hackers to steal.
• Works across devices (like logging into Discord on a PC using your phone’s passkey).

Why Passkeys Beat Phishing
Passkeys are phishing-proof because they’re tied to the exact website or app you’re using.

Even if you click a fake link, the passkey won’t work on the scam site. Hackers can’t steal a code or password because there’s nothing to steal!

📱 How to Set Up Passkeys on Discord

Follow the official Discord guide to setup passkeys!
https://support.discord.com/hc/en-us/articles/25966860846231-Security-Keys-Passkeys-and-Passwordless-Login-on-Discord

🚨 Stay Safe!

• Use passkeys whenever possible – They’re safer because they prevent phishing.
• Use a password manager - You can store your passkeys in password managers like Bitwarden (free!) so you can reuse them on all your devices.
• Always double check links- If you need to login with your password and 2FA code, it doesn't protect against phishing

Unsure if a login page is fake? Don't hesitate to message @serene turtle for any questions or help!

TL;DR: 2FA stops password leaks, passkeys stop phishing. Use both if you can

Get notified about future posts on common scams, account security tips, and platform changes -- Add the new <@&1353437500852535347> role in id:customize . The <@&1040324872477360149> ping won't be used in the future for these posts.

$3000 for "FREE"? -- Deposit Scam

What's happening?

Scammers are sharing fake screenshots to lure people into scam websites.

1. Fake news post (e.g. BBC) - Examples attached.
2. Fake celebrity endorsement (e.g. MrBeast)
3. $3000 “reward” for registering
4. Fake withdrawal confirmation

These are spread by hacked Discord accounts, often across multiple channels.

💸 How the Scam Works

1. 🪙 Fake Reward

You’re told you’ll get $3000 just for signing up. It's not real of course, just bait.

2. 🧾 Fake Verification

When you try to withdraw, the site asks for personal info like your name and birthdate.

3. 🪤 Deposit Trap

Then they ask you to deposit your own money (e.g. $150) to “verify” your account. But your money is gone, and of course you’ll never get the $3000.

🚩 Red Flags

• Too good to be true – No legit site gives away money for free.
• Urgency – Pressure to “act now” or “limited time.”
• Deposit-to-withdraw – Real platforms don’t make you pay to get paid.
• Spammy spread – Random or hacked accounts pushing links everywhere.

🔒 Tips to Stay Safe

• Avoid clicking links from random DMs or suspicious messages.
• If a friend sends something strange, verify through another app - they might be hacked.
• Don’t trust screenshots as proof.
• Check official sources before signing up for anything.
• Report scams to Discord if in your DMs and server mods.

-# <@&1353437500852535347>

QR code phishing

Got a DM from someone with an invite link saying they saw you sending "****" stuff and will be blocking you? It is most likely a phishing attack to hijack your account!

How it works:

1. Hijacked accounts DM you or send messages in a server with a server invite.
2. A bot asks you to verify to access the server by clicking a verify button. This bot is usually called "Wick" but can be other "Verification" related names.
3. Clicking the verify button shows a QR code, and tells you to scan it with your Discord app. Scanning the QR code with your mobile app gives them access to your account.

What do I do if I scanned a malicious "verification" QR code?

1. Immediately change your Discord password.
2. Delete any messages you have sent containing the malicious server invite to prevent spreading it.

Main takeaways
Do not scan any QR codes with your Discord app you see in a server or from a bot.

The only time it is safe to scan a QR code is when you are logging into Discord and you are 100% sure you are on discord.com and not a different website.

If you receive any of these DMs, please message @serene turtle with screenshots and the user ID.

Account Suspension Notice / Feedback Forum Scam

If you receive a DM from a bot (such as MEE6) or from a user claiming your account will be suspended, this is most likely a scam.

How it works:

1. A bot DMs you claiming you have or will be suspended for violating the Discord terms of service, sometimes linking to a post on https://support.discord.com to appeal the ban. These also typically pressure you to do something within 15 minutes or you will be suspended.
2. The appeal procedure will then link to a website that is not on discord.com to steal your login information.

Main takeaways

1. Official Discord messages will only come from a "System" message, not a bot.
2. Anybody can make posts on https://support.discord.com, this is not where Discord sends you official messages.
3. Scams commonly try to give a sense of urgency, saying you need to do something quick or something bad will happen.