A new type of Discord scam has been on the rise. Only this time, some experienced users also seem to be falling for it. Here’s exactly how this notorious scam works, and how it steals your account.
With millions of accounts being created and active every single day, Discord has been on an exponential rise since the 2020 Covid lockdown.
With the rise in accounts, there are bound to be users with bad intentions for your account. It’s no news that as Discord has grown, so have scams, phishing, and the spread of malicious links.
However, this new fake QR code scam is one to stay away from.
It starts with a DM
It will start with a DM from one of your friends who has fallen for this scam themselves. They will DM you out of the blue with the following text, word for word:
“heyy ummm idk what happened or if its really you but it was your name and the same avatar and you sent a girl erm **** stuff like what the fuck? [SERVER INVITE] check #shame and youll see. anyways until you explain what happened im blocking you. sorry if this is a misunderstanding but i do not wanna take risks with having creeps on my friendslist.”
— your friend (hacked account)
The server you are invited to may go by different names, and it may have 1000–4000 members or more, so you’d assume it’s real, mainly because the server will be called “Shame | Exposing …”.
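For moderators or anyone triaging reported DMs, here is one way to flag this lure automatically, as an added example that is not part of the original article: it looks for a Discord invite link together with several phrases from the message quoted above. The marker list, the threshold of three phrases and the sample invite code are assumptions chosen for illustration.

```python
import re
import unicodedata

# Discord invite links: discord.gg/<code> or discord.com/invite/<code>
INVITE_RE = re.compile(
    r"(?:discord\.gg|discord(?:app)?\.com/invite)/[A-Za-z0-9-]+", re.I)

# Phrases from the lure quoted in the article (lowercase, apostrophes removed)
MARKERS = (
    "idk what happened",
    "same avatar",
    "check #shame",
    "until you explain",
    "im blocking you",
    "misunderstanding",
    "friendslist",
)

# Constructed sample: the article's lure, shortened, with a made-up invite code
SAMPLE_LURE = (
    "heyy ummm idk what happened or if its really you but it was your name "
    "and the same avatar ... discord.gg/EXAMPLE-INVITE check #shame and youll "
    "see. anyways until you explain what happened im blocking you. sorry if "
    "this is a misunderstanding but i do not wanna take risks with having "
    "creeps on my friendslist."
)

def normalize(text):
    """Lowercase, fold Unicode compatibility forms, drop apostrophes,
    collapse whitespace, so small rewordings still match."""
    text = unicodedata.normalize("NFKC", text).lower()
    text = re.sub(r"[’'`]", "", text)
    return re.sub(r"\s+", " ", text).strip()

def score_lure(message):
    """Return (number of lure phrases found, whether an invite link is present)."""
    norm = normalize(message)
    hits = sum(1 for marker in MARKERS if marker in norm)
    return hits, bool(INVITE_RE.search(message))

def is_shame_lure(message, min_hits=3):
    """Flag a DM only when it has an invite link AND several lure phrases."""
    hits, has_invite = score_lure(message)
    return has_invite and hits >= min_hits

if __name__ == "__main__":
    print(score_lure(SAMPLE_LURE), is_shame_lure(SAMPLE_LURE))
```

Requiring both signals keeps ordinary invites and ordinary apologies from being flagged; a hit is a reason to warn the recipient, not proof that the sender is malicious, since the sender is usually a compromised friend.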
Can my account get hacked by joining the server?
The simple answer is no. The invite link is not a phishing site; it’s a real invite to a Discord server. The problem starts with the verification system in the server.
The Fake QR Verification with Fake WickBot
Because you are so intrigued by the message your friend sent, you think that you have to check out the server. But upon joining, you see that there’s a verification system, and it’s not a normal one.
You will see a fake Wick Bot asking you to scan a QR code using your Discord mobile app. And before you know it, your account is compromised. Again, wickbot.com has nothing to do with this scam; the bot in the server is a fake/forged bot or embed.
As a security measure, Wick has recently added this information at the top of their website to help save Discord accounts.
The QR code scanning feature is a useful feature of the Discord mobile app that lets you instantly log in to your account from a PC or laptop. Only this time, by scanning a third-party QR code (not officially from Discord), you approve a login on someone else’s device, and control of your account ends up in the wrong hands.
As a result, your compromised account will send the same “heyy ummm” message to every single one of your friends, completing the scam circle and enlarging the web and the database of compromised accounts.
If you’ve been a victim, here are the next steps:
- Immediately leave the Discord server you were invited to
- Change your password on your Discord account. This will reset your account token so that the hackers cannot control your account anymore.
- Your friends may have been blocked; check your blocked accounts list, add them back, and apologize to them.