This scam often starts with a friendly direct message (DM) from someone who claims to appreciate your profile picture (PFP) or another aspect of your online presence. They engage in casual conversation to build trust and eventually offer to show you their art. They might say things like, "I really like your profile picture! Do you like art? I would love to show you some of my work."
Once you express interest, they continue the conversation, showcasing their artwork, which might look impressive. Eventually, they ask if you would like to commission them to create a piece for you. If you agree and send them payment, they disappear without delivering the promised art.
In this scam, a random person sends you a friend request and then DMs you, claiming that your Steam account is linked to suspicious activity. They might say something like, "Hey, is this your Steam account? I think it’s been involved in fraud." They will provide a fake report screenshot showing your account information and claim that you need to contact a “Valve admin” on Discord to resolve the issue.
They then instruct you to add the "Valve admin," who is actually the scammer or their accomplice. This fake admin types in a formal manner to appear convincing and requests your Steam purchase history, claiming it is needed to verify your identity. Providing this information allows them to reset your password and take over your account. Alternatively, they might direct you to a fake Steam website to log in, capturing your credentials.
QR Code scams involve malicious QR codes that, when scanned with the Discord mobile app, can compromise your account. These QR codes are often shared under the guise of giveaways or promotions, promising free Nitro or other rewards.
In this scenario, a scammer, often using a compromised account of someone on your friend list, will contact you asking for help with a video, game, or piece of code they claim to have created. They might say, "Hey, can you test this game I made? I need some feedback."
The scammer will then provide a link to download a malicious program or ask you to run a suspicious file. This can lead to malware being installed on your computer and having stuff like credit cards, passwords, tokens, and cookies being stolen from you making you lose everything.
Another variation involves asking you to open developer tools in your web browser while logged into Discord and revealing your user token. This token allows them to take over your account.