Fun Fact: They don't actually get banned, they use an alt and give ownership to the server, because when discord removes a server, it permanently bans the one who owns it from discord.
@@Minty. VPNs work almost all of the time. Short of Discord downloading it’s own malware onto your computer to monitor your devices you can easily evade a ban.
@@Templar_Albrecht they can just hotspot from their phone and discord cant ban the hotspot IP because it is used by thousands of different ppl bc its mobile data
They already "scan" images for being inappropriate, so I wonder how hard it would be to add a QR reader to that and if it's a 2FA link then uh oh, block that shit.
Honestly, this would be a nice feature the could add. They've proven it's possible with AutoMod, so why not add some code that scans messages sent and see if the QR Code results in a discord login token, then block it, at the minium. No one on discord should be sending QR Codes in chats that are associated with logging into discord. On top of this, another fix would be to add a timer on how long the QR Code lasts after being generated and only allowing the same IP Address that created the QR Code to scan the QR Code, although this could be problematic for people who aren't on the same network.
I actually thought of something like this trying to find ways to combat phishing, alongside this I'd say a good solution is detecting where the new log-in location is from and having you verify with your phone that it's you, if it detects a QR code and scans it, then the message receiver gets a new log-in attempt from let's say Russia, but they're from the US, the log-in attempt is paused until you accept the log-in request through your phone with 2FA Discord already has your location and scans every message for malicious content, so I don't see why they wouldn't do this to help fight an ever-growing problem in their platform, it would take just 2 more minutes since you already have your phone in hand
This is certainly a pretty dangerous scam since scanning QR codes is pretty trivial for phone cameras now, and I'd imagine in some cases a phone's camera app might just automatically open links as soon as they detect one. There will always be other scams but in this case if Discord could just auto-scan a QR code and check if it's a 2FA code, then the scam would pretty much be dead, since if Discord's QR-checker system can't detect the code, neither would a real user's phone camera.
If this has happened to you. Reset your password ASAP! They get your discord token and they can login to your account. When you reset your password the token will reset as well and the hackers can’t login anymore. Discord has said this them selves. I hope this helps y’all.
Even if discord stops this scam people will eventually come up with new scam ideas Which is why I agree that there should be a penalty for malicious behavior
@@lazyfrog1718 I think the man means suing. People stealing information on discord that have no life’s should be sued. Pretty scary for those scumbags so it’ll work better than just a warning and a ban lmao
This morning a friend sent an invite to a server with the message: check what happened in #general, i cant believe it!. So i joined the server because i was curious but i saw i needed to verify. Luckily i was on discord mobile so i couldnt scan the QR code with my phone because i already was on my phone and i was too lazy to open discord on my laptop. First time that being lazy actually helped for me
I fell victim to this scam, but I got my account back before they changed the email to it or anything so I would lose it completely. Thank God my nitro was paid for by a empty prepaid visa card. Only thing bad that happened that I was sad about is that people I friended but didn't have a mutual server with could have fell victim to the scam and I would have never known.
There should be no way to change your email because discord sends you a confirmation email to your email address to confirm that it's you wanting to change the email.
Same. As soon as I realized what happened I almost immediately changed my password. Luckily I didn’t have any credit card or personal info there besides my email and phone number.
@@Thefootqueen just add this problem too few hours ago. I deleted the bot in settings I think problem is resolve just all my friend receive the link lol.
@@ludaalt3147 well i think u don't have to do more things. Nothing change, no more problem for me so i suppose the bot only sent one time and not spamming
Couldn't discord just have a bot scan every image to see if it contains a login QR code? They already scan for pornographic content which im guessing is a lot more resource intensive than just checking a QR code.
@@hi-kt3qr They already scan everything, including messages. Its used for advertising. Spyware is software that specifically spies on you after infecting a device you own, not data being collected from users by a company hosting the service. If you really want total privacy when using discord you're out of luck im afraid. So yeah, they should do it with QR codes.
@Sir Avian I mean you already need to contact discord and give them your photo ID if you want to do certain things with a bot, im sure it would be no big deal having to do it to post blacklisted QR codes. And yes it would be super easy, I could make a script that would do something similar in 30 minutes. Having it be able to check a ton of QR codes at once is another story but they already check for NSFW images which is some black magic fuckery lmao.
They should've invested in this instead of the whole porn filtering. The filter barely works at all. I am sending totally wholesome pictures, and it's flagged as porn because the skin color or what not. It's completely dumb. I have to cut the image in half, and hope that it goes thru (50% of the times it does)
Online scamming should be against the law and it should result in active punishment irl. Scammers are just too confident that they won't get any consequences from their actions.
As hi already pointed out, the issue with that is that international law is tricky, so passing a law in america to deal with scammers won't do much to help with all of the people scamming out of third world countries that don't tend to bother with those types of laws, and it's also a bit too small of a thing to even bother trying to get put into international law, even if that was regularly enforced.
Wouldn’t say at all that the dev is using it, I’ve developed malicious stuff only meant to be tested on yourself such as a token grabber, the problem lies when you decide to deploy it, it being open source has nothing to do with the people who fork the projects intentions.
@@somedude-vp9ti that can be used to pentest it actually serves a good purpose, this on the other hand only serves one bad purpose. i can’t see how it can be used in a not bad way
@@undefinedchannel9916 so code that shows a severely broken security model discord (a company that seems to not even care seeing all of the security exploits over the years) has only can serve a bad purpose? It also makes no sense why he would publicly post it
@@somedude-vp9ti doesnt make much sense. publishing a specifically harmful tool makes you liable to what others do with it, so it is fine to say the dev is acting in bad faith. if he wanted to showcase Discord's broken QR code system then he couldve just made a video about it, or run an experiment with it that would tell users they could have just been hacked, etc.
Just got one today, scared me, saw a qr code, instantly knew something was off. Thank fuck I didn't scan it. Instantly searched up discord qr code scam and you came up! Thank you :)
Discord should have a sort of test to help you better understand. I remember an update came to adopt me while I was monitoring my little sister on it, and it was a whole thing you had to go through to understand what kinds of scams there are and prove you know how to avoid them. Nothing annoying or too long, just something you have to go through in order to make an account. Personally, I'm very good at not falling for scams, but some people are not. A server owner everybody trusted was warning people about a scam, and pinged *everyone* with the link to the scam. Some people didn't see the part telling them not to click it, and multiple people lost their accounts, it took us a while to get some back but we didn't recover them all.
The best way to slow them down is to rate limit their bot which I think it's possible by spam clicking the button with multiple peoples and that will make their server rate limits their access to Discord's API unless they have good proxies they would get rate limit for too many requests and it restrictes the IP for at least some hours at hard limit -commited from Taiwan
@@zagorxy8090 I have tired it before the issus is they will ban you after too many presses so this requires multiple people spam clicking that button at the same time
I’ve fallen for this before and it made me look extremely dumb. In addition, I bought nitro as a gift a long time ago and discord autosaved the info to the billing section which is just stupid. Safety measures have been taken and I’m completely safe now, but god that was unnecessary and discord really needs to scan for malicious qr codes, remove tokens being able to bypass 2fa or if it’s possible, remove tokens as a whole, or remove QR codes as a whole. I wish I could’ve seen this video earlier.
A update on the repo: The owner took it down, since they didn't want to cause any harm with it. Their words taken from the announcement channel: I recently learned that my project 'Fake-Verification-Bot' was used by many people in a malicious way to scam other people and I'm sorry for that. It is important to know that my work was never created to be used in this way but mainly to show people what it was possible to do just by using the API made available by discord. Since a RUclipsr (with about 80k subscribers) recently made a video about this to warn people, I'm afraid that on the contrary, it will make this project much more known and therefore more used in a malicious way which would be a disaster. So I'm thinking about deleting this directory to avoid more damage or make it private.
Idea 1: fully remove qr codes Idea 2: have discord automatically block images with discord qr codes (because literally no one uses this to send to friends anyway)
Honestly the best solution Discord could do, even though I really don't want the images to be scanned (although its probably already happening...), is for Discord's Image API to find QR codes within images and cross verify them with their authentication system to prevent it. The QR code login feature is fantastic but since its been introduced its been used for so many scams. Although it may take a year(s) for them to actually implement it but thanks for bringing attention to it!
I got that message few days ago, and I joined their server. I clicked the verify button and it gave me the QR code which was to scan it to get access to the server, and within 5 minutes i notice something off, some people's nickname was changed to "this server is scam you must leave", and I felt a bit nervous. I left the server and reported it to the discord!
Two things: 2FA doesn't prevent token logging whatsoever (some people think this) You can't just scan a QR code and get immediately token logged. A token logger runs on your computer, and if it was possible to scan a QR and a program run on your computer without any intervention from you, I'm very sure that the hackers could do way more. What normally happens is either the QR code is a login from phone, and even then, Discord has a warning to not scan QR codes you don't trust, or it redirects to a fake Discord login screen, and that is easy to catch out with the URL being different. Too many people think that if you click a link/scan a QR you get instantly hacked, which is completely untrue. Edit: Token logging works, regardless of if you have 2FA on your account.
you are wrong the qr code is discords official login qr code and doesnt bring you to a fake login screen, it literally makes a new session and gives its token to the instance that generated the qr code, so yes they are simply token logging you by scanning the qr code.
im a little lost on this, what do people scan the QR code? just any qr scanner or the discord QR scanner that is supposed to make it easier to sign in?
If you scan a QR Code from discord. On your screen once you scan the QR Code you will get asked if this is you logging in. If the scammer clicks yes, they are logged in. I have tried logging in with a QR Code and I have 2FA It didn't ask me about a 2FA code. Unless they changed it, it doesn't ask for a 2FA code via a QR Code
Your token is what represents you account on everything. Each message you send, you're sending a request to Discord's servers, and together with that, your token, which is what tells discord who you are. If they have your token, your username, password, email, 2FA, etc. doesn't matter.
3:53 As a bot programmer, I am not completely sold on the fact that the creator made this with malicious purposes. I enjoy making 'fake viruses' or 'fake virus bots' with any intention of harm, just to experiment with what I can do. I think the creator of the program might've thought the same, and really didn't mean to do any harm, or use the program himself. Edit: he actually confirmed this and deleted the repo, mentioned this video in his apology
@@franny6221 I post every single project online, even if they can be used maliciously, to build up a resume for potential future jobs. I do find it pretty suspicious that all of his projects have something to do with token logging, so he might use these projects himself. I don't know for sure...
Well the difference here is that you make "fake virusses" while this is actively used to scam people. This was NOT made for educational purposes, it was made to steal discord accounts maliciously, that "educational purposes" tag is so that github wont remove the repo. Look with your eyes, man.
@@bbernyy64 can't u make a private resume though? I'm genuinely asking because i have no idea about this, isn't there a better way to build a portfolio without endangering people's bank accounts?
@@franny6221 You can set it to private, but other companies / employers won't be able to see your work, which might decrease your chance at getting a job. If i noticed one of my projects was used in such a harmful way i would A. Private the repo or B. Create a backdoor and inform discord about these scams, and not leave it online. This guy might still very well be a scammer, but there is a small room for doubt.
a good way to tell if its a scam if you have better discord installed you can get show hidden channels to see if there are any that are locked chances are they dont exist
Dont talk about things you dont understand. Non malicious by default virus/exploit concepts help educate people and developers(including discord) on a paticular issue.
So does that mean even if I joined the server but as long as you didn't scan anything , nothing will happen? Bcs for me I joined , but I left the server immediately , didn't scan the QR code at all, didn't even know there was one
No Text To Speech: “Why would anyone share a scam bot program if they’re not scamming people?” Also No Text To Speech: “Today I’m going to show you how to speed run making a scam server.”
If you trust discord with your financial information you already deserve a darwin award. Despite knowing how flawed and insecure the login method is, discord still keeps it.
Fell victim to this scam a second ago! Just secured my account and fixed all the crap with it... Even after 5 months of this video being posted Discord hasn't done A SINGLE THING to stop the scammers in their tracks.
This one almost got me, Though I reported the server and within an hour they banned the server which was great! I warned my friends about the scam and they didn't know about the server so hey, at least they won't fall for it!
I had this happen to me like 8 months ago but Discord support wouldn't believe me that this can even happen lol. Logging in via QR code also BYPASSES 2 factor authentication (they won't ask my Authentication app for a code because it's assumed I used my phone already by using discord I guess?) AND it bypasses verification emails for new locations. Literally tested logging in using a VPN to the most remote servers incognito. I got a "was this you???" email only when using my password. With the QR code? Nothing. These QR codes should not exist. Lmfao.
I think the same. ⚠️ *1:* Discord should add some big warning while scanning or some big warning once you log in (only once) that tells you to watch out for scams and tells you some security tips 🔒 *2:* Most important way how to stop scammers is just to do something that will be scammers afraid of. Like that sue. Scammers will be afraid of jail. So they wouldn't do it because you cannot just create new life when you go into jail. So some huge action should be in place. 📜 *3:* People, share like me this video with discord staff under the "Suggestion" category in a ticket so Discord will take some ideas, etc. from this video. It will help and NTTS deserves it. 📌 *4:* Pin this comment, please.
There are 2 warnings while scanning a log in qr code. in red text there is written "Only scan QR code directly take from your browser. Never use a QR code sent to you by another user" and the blue button says "Yes, log me in".
Had no idea about this, stumbled upon this and accidentally avoided the scam. Joined the server thought it was legit (obviously I know now it wasn't). Good thing is, I don't have a secondary device to scan a QR on, and my phone is so broken when it comes to scanning QR codes it wouldn't have even worked. Nice to know that me not having advanced technology for anything helped me for once. Great video as well, very informative
Definitely, scammers need to face serious legal consequences. This has become pretty ridiculous and almost only has upsides for the scammer since he/she will quite easily find some victims and further spread the scam. Besides an account ban, hardware and IP blacklisting, Discord needs to file police reports against scammers in their home countries according to their IPs etc.
The home countries have no jurisdiction to enforce United States law, it will always be US law because Discord is located in the united states of america
how will discord sue them? i mean they have your ip and billing info, but you can just create an alt with temp email and a vpn and they won't be able to find you...
Here is some information me and a group of people have found: It's hosted mainly in Bangladesh and Romania. It grabs your discord token, but your discord token gets reset when you change your password, discord has said it themselves. A lot of misinformation is being spread about this to make people scared. There is about a five-minute delay the bot takes between you scanning the code and you getting hacked. It doesn't change your password nor unadd your friends as my friends account is completely fine except it sent it to everyone on their friend's list. Hope this helps.
some of them do unadd your friends (blocks them). also you didn't watch the video seemingly; it doesn't matter if your token changes as they already have all your user data and possibly personal information. and there is no delay between scanning and you getting 'hacked', unless the bot maker added that in themselves.
If I'm being honest, the whole "you sent a girl nudes so join this server or I'm blocking you" is so over the top and laughably hard to believe. Especially if its sent so many times with literally no change. You know, if I were them, I'd make it a hell of a lot more subtle, like "hey join this server rn" You'd expect dms like that. But hey, I'm not them and I don't plan on ever being them.
This QR code login thing is ridiculous from a cybersecurity standpoint. There's a reason why you don't see other big websites do it ; it's extremely easy to social engineer people into scanning a QR code as they're often seen as just pieces of data that can be read without consequences (and that's fundamentally what they are, except when companies use them for confusing purposes). This login feature is extremely dangerous, you don't reinvent the wheel like that when you're just a VC-funded company that invests more into looks and ease-of-use than actual security.
That github repository is the reason dangerous code should be protected from the public. There will always be a nefarious figure that will turn a good intentioned vulnerability point out into a fully fledged attack.
it should be shared publicly so people can chose to educate themselves on what is happening with these QR code scams or info security in general. It would be worse if it was not available, then only those who find or buy these methods public or not would use them. The same ones who use these techniques to their best gain.
@@hi-kt3qr this has nothing to do with proprietary software, he's only saying that *dangerous* code should not be public, he doesn't say anything about code in *general*
Update on AstraaDev 10-7-2022: Currently it seems like he took his github repo offline or private. My opinion: I agree with the idea that the makers of these tools should be looked at critically however, I do question if he really was malicious. He could have easily sold it without the repository being public. Making a repository public is a stupid move for a highly malicious user. The fact that he took it private now, but made it public to being with makes me question his intentions. Maybe he wasn't malicious after all, or maybe he only did so because he got caught?
I had one of my fav youtubers on my DM's months ago cuz like I wanna say "I'm your biggest fan!" like that, and however weeks later she messaged me the same message "Idk if it's you or..". I'm glad people are spreading awareness of this new scam method :)
Honestly, it was a pretty dumb idea in the first place to allow QR code login. First time I saw it as a login option I thought to myself: "Yeah, that's gonna end well."
@@bbernyy64 its more like 1. grab your phone 2. open discord 3. scan qr code 4. click yes when discord asks if you want to login on that device 5. fall victim to their scam
This has been going around again, one of my friends was hacked. There was no long winded message about leaked pictures, it was just "Yo join this discord real quick". I have scan all messages enabled on my account, so the scary part is it doesn't look like it's being picked up by discord.
I would like to ask if it is dangerous? Because before i watched this video I clicked the link and scanned the QR code, luckily i changed all password quickly.
I don't get these scams. What do the scammers even have to gain? It's not like they can blackmail the person they took the account from and blackmailing their close friends doesn't work either cause these people block you after sending the server link they can't sell your data either cause it's just an account. So what exactly are they trying to gain here?
i remember the first time i got this i almost scanned the rq code, i entered the server and pressed a verify button, but inmmediately left it after i got warned on some stuff, luckily, that was some months ago and nothing happened to my account, i really got scared when i heard i was "exposed", plus it was fishy
Thanks for investigating this I almost scan one of those QR codes after my friend got hack and said i send something disgusting from a minor blah blah blah and there's the "Discord Shaming" server invites
"Good" hackers usually publish stuff like this to put some pressure on companies to actually fix the issue, this QR code scam has been known for years and yet here we are.
some randos managed to add me as a friend on discord, i did not have any servers in common with them and I knew they were bots. One guy sent me a job offer with a clearly malicious link and the other sent 5 messages in a row with, also, a clearly malicious link to a website for free discord nitro
I have been scammed with a the discord fake games thing a long time ago not the qr codes but the name of the repo dev sounded familiar and the fact that they were in france made it even more familiar. Turns out when I got scammed I (tried to) decompiled the python exe file and through searching found a github repo. I continued talking with the guy who had sent me the Token grabber and got my way to find their phone number, rough location and their discord. I added them in friends and wasted their time by for maybe an hour or two. I got them banned from discord but heh they just made new accounts but im happy I pissed them off. And in their bio's they had a fake nitro website that I reported and it went down pretty quickly. Anyway great video and I definitely didn't expect to hear about the same idiots again
happened to get scammed and it sent links to my whole friends list, im truly terrified if anything of my personal info gets leaked. please dont trust these i have created a new account never scan suspicious links.
I almost fell for this. Only found this video by copy-pasting the message text out of caution. "Hello! Are you human? Let's find out! Scan the QR code below on your Discord Mobile app to login."
I've never trusted those DMs I get from my friends. If something sounds wrong, it probably is. It never hurts to ask and probe your friend for more information if you're unsure! It's better to be safe than sorry.
This man says there is a scam shows us how it works shows us where to get it and made a tutorial on how to get it to work now lots of people more likely got it and now do the scam too. If there is a scam don't show how easy it is to get because many more people are going to try it.
Just because an individual has created something in code doesn't mean they use it in bad purpose. I totally disagree with your opinion! It also isn't THAT easy to create the exact template to the bot you were using, you would obviously have members to make the server look more official, a bot that looks real, and a server that has multiple channels...
Seems like the heart of the issue is the lack of innovation and having such a basic sad sack of a method for keeping track of people's accounts such as a token system
This happened to me a week ago, however it's incredibly easy to get everything back to normal, just don't log out of your account. With the qr code they can't get your password, and if you change your password on discord, it will log out every device your account is on. Then just go to settings and see all of your blocked users, then unblock them, it's that easy.
6:50 they should add it so, when you press the button, you will get redirected to a part of the login where there is the warning, and you will have to check the box where it has next to it "I understand and accept", and then after 5 seconds, you should be able to log in. Discord definitely should warn people with a proper message like i just described.
Ikr! One idea that they could use is making the tokens so that they are e2e encrypted. That way, only your computer, and discord's servers would know your token, making it impossible to get token logged. I really hope discord does something like this, because currently, account stealing is way too easy!
I had a gut feeling that this was a scam when I had a friend send it to me. I almost clicked it, but decided to wait a little bit. Then, a second friend got hacked, and I received the same exact message with very slight changes, and then I was 100% certain. Both got their accounts back, so that's a good thing.
Hey, can you please make a video on the discord bot accounts that spam add you to group chats? I had that happen to me a while ago and I wish I heard about it before. Basically you just accept a friend request from someone and the second you do, you get added to about 20 group chats per second named things like "you are an idiot"
I fell for it, but I just ended up changing all the passwords on the accounts I had on my phone. It's not much of a threat if you havent spent anything on discord
i love that there’s minecraft music in the background
Lmao
man talks about serious scam where people can get person info and sensitive info, (casually puts minecraft music in the background)
@@rezmoon yez
Minecraft easily has the best music
i started thinking of that and then like literally not kidding, not, exaggerated 1.3 seconds later i looked down and saw this comment
Fun Fact: They don't actually get banned, they use an alt and give ownership to the server, because when discord removes a server, it permanently bans the one who owns it from discord.
i mean they can create another account, and create another server lol
@@Templar_Albrecht vpns exists tho
@@b4ndoshysty vpns sometimea dont work
@@Minty. VPNs work almost all of the time. Short of Discord downloading it’s own malware onto your computer to monitor your devices you can easily evade a ban.
@@Templar_Albrecht they can just hotspot from their phone and discord cant ban the hotspot IP because it is used by thousands of different ppl bc its mobile data
They already "scan" images for being inappropriate, so I wonder how hard it would be to add a QR reader to that and if it's a 2FA link then uh oh, block that shit.
Honestly, this would be a nice feature the could add. They've proven it's possible with AutoMod, so why not add some code that scans messages sent and see if the QR Code results in a discord login token, then block it, at the minium. No one on discord should be sending QR Codes in chats that are associated with logging into discord. On top of this, another fix would be to add a timer on how long the QR Code lasts after being generated and only allowing the same IP Address that created the QR Code to scan the QR Code, although this could be problematic for people who aren't on the same network.
@@ThatProgrammer Same network restriction would be problematic because if someone is on data and they scan the QR code, that's not gonna work.
I actually thought of something like this trying to find ways to combat phishing, alongside this I'd say a good solution is detecting where the new log-in location is from and having you verify with your phone that it's you, if it detects a QR code and scans it, then the message receiver gets a new log-in attempt from let's say Russia, but they're from the US, the log-in attempt is paused until you accept the log-in request through your phone with 2FA
Discord already has your location and scans every message for malicious content, so I don't see why they wouldn't do this to help fight an ever-growing problem in their platform, it would take just 2 more minutes since you already have your phone in hand
This is certainly a pretty dangerous scam since scanning QR codes is pretty trivial for phone cameras now, and I'd imagine in some cases a phone's camera app might just automatically open links as soon as they detect one. There will always be other scams but in this case if Discord could just auto-scan a QR code and check if it's a 2FA code, then the scam would pretty much be dead, since if Discord's QR-checker system can't detect the code, neither would a real user's phone camera.
It seems like Discord already has a confirmation screen for the QR code. It says are you trying to log in.
If this has happened to you. Reset your password ASAP! They get your discord token and they can login to your account. When you reset your password the token will reset as well and the hackers can’t login anymore. Discord has said this them selves. I hope this helps y’all.
It just happened to me, it sent the server link to everyone in private messages, but I deleted every link again by hand and changed password.
@@Snoop_D0gg me too bro it was so embarrassing
hi bro what happen when you scan the qr using google lens?
thank you 😭
Help what do I do this has happed to me and I cant get into my disord I dont get the 6 digits pls help im begging been like 3 hours now
Props to you for bringing awareness to this scam, I almost fell victim to this!
Good that it was just almost, and not completely.
how bro
i fell for it but dont have any personal details on there so i changed my password
My friend fell for it
@@yeetmeme2421 idk man, it usually should be pretty easy to avoid these things
Discord needs to retire the QR code feature. I think it's causing more damage than it is helpful.
True. And I don’t even use QR Code at all whatsoever
Not really someone like me is just lazy and use it, it's a useful feature but unfortunately it got abused
i use it so i hope they dont
@@hi-kt3qr i use it
@@hi-kt3qr i use it because i keep forgetting my main account's password in pc but my phone is logged in so yea
Even if discord stops this scam people will eventually come up with new scam ideas
Which is why I agree that there should be a penalty for malicious behavior
you think they just don't do anything about it? lmaoaoaoa
@@lazyfrog1718 I think the man means suing. People stealing information on discord that have no life’s should be sued. Pretty scary for those scumbags so it’ll work better than just a warning and a ban lmao
@@AmaanPlayZ how are they going to obtain the legal info to sue?
@@lazyfrog1718 stealing money (Using their money to buy nitro, etc.), stealing up addresses, etc.
@@barneyassman no, how will discord get enough information on the person to sue them?
Discord should fix this problem
y
e
s
how can they fix it their is nothin they can do
no shit
@RIARO so do you want them to not allow people to use custom bots..
@@unit5960 literally just remove the qr code to login lmao ez solve
This morning a friend sent an invite to a server with the message: check what happened in #general, i cant believe it!. So i joined the server because i was curious but i saw i needed to verify. Luckily i was on discord mobile so i couldnt scan the QR code with my phone because i already was on my phone and i was too lazy to open discord on my laptop. First time that being lazy actually helped for me
my content is beter
@@ruinsfnbr776 cope
@@ruinsfnbr776 the only thing you posted is a fortnite XP glitch. Stop trying to advertise your channel
@@ruinsfnbr776 bro you cant even spell better right
And this is why I don't hate the fact that I'm the laziest girl out there.
I fell victim to this scam, but I got my account back before they changed the email to it or anything so I would lose it completely. Thank God my nitro was paid for by a empty prepaid visa card. Only thing bad that happened that I was sad about is that people I friended but didn't have a mutual server with could have fell victim to the scam and I would have never known.
There should be no way to change your email because discord sends you a confirmation email to your email address to confirm that it's you wanting to change the email.
Same. As soon as I realized what happened I almost immediately changed my password. Luckily I didn’t have any credit card or personal info there besides my email and phone number.
@@Thefootqueen just add this problem too few hours ago. I deleted the bot in settings I think problem is resolve just all my friend receive the link lol.
I fell victim to this scam too, ive only changed my password and add F2A authentication, am I still fucked or is there anything else I have to do?
@@ludaalt3147 well i think u don't have to do more things. Nothing change, no more problem for me so i suppose the bot only sent one time and not spamming
Couldn't discord just have a bot scan every image to see if it contains a login QR code? They already scan for pornographic content which im guessing is a lot more resource intensive than just checking a QR code.
@Sir Avian For example, the REAL Wick uses google authenticator WITH A QR CODE.
thats spyware you would feel safe having everything you send scanned?
@@hi-kt3qr They already scan everything, including messages. Its used for advertising. Spyware is software that specifically spies on you after infecting a device you own, not data being collected from users by a company hosting the service.
If you really want total privacy when using discord you're out of luck im afraid.
So yeah, they should do it with QR codes.
@Sir Avian I mean you already need to contact discord and give them your photo ID if you want to do certain things with a bot, im sure it would be no big deal having to do it to post blacklisted QR codes.
And yes it would be super easy, I could make a script that would do something similar in 30 minutes. Having it be able to check a ton of QR codes at once is another story but they already check for NSFW images which is some black magic fuckery lmao.
They should've invested in this instead of the whole porn filtering. The filter barely works at all. I am sending totally wholesome pictures, and it's flagged as porn because the skin color or what not. It's completely dumb. I have to cut the image in half, and hope that it goes thru (50% of the times it does)
Online scamming should be against the law and it should result in active punishment irl. Scammers are just too confident that they won't get any consequences from their actions.
Your right because there are zero consequences and Discords team is dogshit.
it does, but as you said, they get away with it
Help what do I do this has happed to me and I cant get into my disord I dont get the 6 digits pls help im begging
thats hard to enforce because the US isnt the only country on earth
As hi already pointed out, the issue with that is that international law is tricky, so passing a law in america to deal with scammers won't do much to help with all of the people scamming out of third world countries that don't tend to bother with those types of laws, and it's also a bit too small of a thing to even bother trying to get put into international law, even if that was regularly enforced.
Imagine if this dude is behind the scam the entire time and he’s making these videos to cover it up lmao. This prolly isn’t right but imagine
Could be because. He knows
I love how the QR code on the thumbnail brings you to this video. You missed a perfect chance for a rickroll
insanely scummy. probably think they're so smart for scamming people when they just ripped it from github.
@Sir Avian i wanted to comment that! 🤬
I code my own shit, to get pedophiles lmfao.
Wouldn’t say at all that the dev is using it, I’ve developed malicious stuff only meant to be tested on yourself such as a token grabber, the problem lies when you decide to deploy it, it being open source has nothing to do with the people who fork the projects intentions.
Yeah, its just unfounded garbage, its like saying everyone who worked on Metasploit did it for bad reasons
@@somedude-vp9ti that can be used to pentest it actually serves a good purpose, this on the other hand only serves one bad purpose. i can’t see how it can be used in a not bad way
@@undefinedchannel9916 so code that shows a severely broken security model discord (a company that seems to not even care seeing all of the security exploits over the years) has only can serve a bad purpose?
It also makes no sense why he would publicly post it
@@somedude-vp9ti doesnt make much sense. publishing a specifically harmful tool makes you liable to what others do with it, so it is fine to say the dev is acting in bad faith. if he wanted to showcase Discord's broken QR code system then he couldve just made a video about it, or run an experiment with it that would tell users they could have just been hacked, etc.
@@avant4035 "publishing a specifically harmful tool makes you liable to what others do with it", no?
I'm so glad nothing happened to me when I fell for this, guess I was just really fast in changing my password and removing my billing info
They got your billing info if you got token logged before removing it
My accounted was removed 2 days later :(
@@karlito1501 if I change the password and email very quickly after scanning the code, will that prevent them from accessing my account?
@@zifor5395 they use a script so probably not
Just got one today, scared me, saw a qr code, instantly knew something was off. Thank fuck I didn't scan it. Instantly searched up discord qr code scam and you came up! Thank you :)
Discord should have a sort of test to help you better understand. I remember an update came to adopt me while I was monitoring my little sister on it, and it was a whole thing you had to go through to understand what kinds of scams there are and prove you know how to avoid them. Nothing annoying or too long, just something you have to go through in order to make an account. Personally, I'm very good at not falling for scams, but some people are not.
A server owner everybody trusted was warning people about a scam, and pinged *everyone* with the link to the scam. Some people didn't see the part telling them not to click it, and multiple people lost their accounts, it took us a while to get some back but we didn't recover them all.
Help what do I do this has happed to me and I cant get into my disord I dont get the 6 digits pls help im begging
@@nicksartandgaming1151 Dunno what you mean
The best way to slow them down is to rate limit their bot which I think it's possible by spam clicking the button with multiple peoples and that will make their server rate limits their access to Discord's API unless they have good proxies they would get rate limit for too many requests and it restrictes the IP for at least some hours at hard limit
-commited from Taiwan
Unless if they counteract it to not run the script again for the same person, which can be done with a line or two of code I believe
yeah you go first 💀💀
@@zagorxy8090 I have tired it before the issus is they will ban you after too many presses so this requires multiple people spam clicking that button at the same time
Good idea!
No, thats not how it works. If you spam the button then you get rate limited not the bot.
his voice is so chill
I’ve fallen for this before and it made me look extremely dumb. In addition, I bought nitro as a gift a long time ago and discord autosaved the info to the billing section which is just stupid. Safety measures have been taken and I’m completely safe now, but god that was unnecessary and discord really needs to scan for malicious qr codes, remove tokens being able to bypass 2fa or if it’s possible, remove tokens as a whole, or remove QR codes as a whole. I wish I could’ve seen this video earlier.
I changed my password in my discord and email, am i safe now?
my roblox got unlogged which is scary help me
A update on the repo: The owner took it down, since they didn't want to cause any harm with it. Their words taken from the announcement channel:
I recently learned that my project 'Fake-Verification-Bot' was used by many people in a malicious way to scam other people and I'm sorry for that.
It is important to know that my work was never created to be used in this way but mainly to show people what it was possible to do just by using the API made available by discord.
Since a RUclipsr (with about 80k subscribers) recently made a video about this to warn people, I'm afraid that on the contrary, it will make this project much more known and therefore more used in a malicious way which would be a disaster.
So I'm thinking about deleting this directory to avoid more damage or make it private.
they are a freelance dev. they probably got commissioned to do this
At least he had the decency to take the repository down.
Lmao already cloned it. For personal use 😇
@@matthew78917 give me it uwu
@@Ribs351 anti open source losers everything you have downloaded that is propriety is probably spyware by definition
Idea 1: fully remove qr codes
Idea 2: have discord automatically block images with discord qr codes (because literally no one uses this to send to friends anyway)
QR codes I don’t believe are used ever to send to friends on Discord, it’s another way to login to your account. Or I’m misunderstanding you.
Nobody would even think of making a scam bot or a hack, then release it to the public and not use it to scam or hack
well my friend have you ever heard of the job description 'security researcher'
and it's not like the 'good' people don't create tools like these, I mean what is the best way to learn how to stop a hacker than to become a hacker
Honestly the best solution Discord could do, even though I really don't want the images to be scanned (although its probably already happening...), is for Discord's Image API to find QR codes within images and cross verify them with their authentication system to prevent it. The QR code login feature is fantastic but since its been introduced its been used for so many scams.
Although it may take a year(s) for them to actually implement it but thanks for bringing attention to it!
They can better Make the qr code refresh every few seconds and add a small extra code under it to make it dubbed verify. So they can’t steal anymore
Bots could have a legitimate use for QR codes, BUT! Discord should detect Discord's login QR codes, not ban every QR code.
they can read the Qr code and see if it redirects to a discord auth url, and then block the image.
it's really simple to solve...
They do already scan images for explicit content, of which you can block in your settings
@@JasonHorkles true but the filter is horrible and has false positives all the damn time
I got that message few days ago, and I joined their server. I clicked the verify button and it gave me the QR code which was to scan it to get access to the server, and within 5 minutes i notice something off, some people's nickname was changed to "this server is scam you must leave", and I felt a bit nervous. I left the server and reported it to the discord!
I got the message and cried because I lost contact with my best friend, they fell victim to it and deleted their amino account
@@RimFaxxe So sorry for that
Same it just happened to me 😭 now I have to find who else my acc sent the massage to so I can tell them it’s a scam
the fact the qr code in the thumbnail isn't a rickroll is a missed opportunity
and it isnt in the video. This made me sad
the qr code in the video*
after seeing this, i'm developing my own bot which sends you to a rickroll. thanks for the idea!
@@devuxious you genius
@@devuxious ultimate scam bot
Two things:
2FA doesn't prevent token logging whatsoever (some people think this)
You can't just scan a QR code and get immediately token logged. A token logger runs on your computer, and if it was possible to scan a QR and a program run on your computer without any intervention from you, I'm very sure that the hackers could do way more. What normally happens is either the QR code is a login from phone, and even then, Discord has a warning to not scan QR codes you don't trust, or it redirects to a fake Discord login screen, and that is easy to catch out with the URL being different.
Too many people think that if you click a link/scan a QR you get instantly hacked, which is completely untrue.
Edit: Token logging works, regardless of if you have 2FA on your account.
you are wrong
the qr code is discords official login qr code and doesnt bring you to a fake login screen, it literally makes a new session and gives its token to the instance that generated the qr code, so yes they are simply token logging you by scanning the qr code.
im a little lost on this, what do people scan the QR code? just any qr scanner or the discord QR scanner that is supposed to make it easier to sign in?
This is an official discord login qr code. The scammer will just get automaticly logged into your discord Account
If you scan a QR Code from discord. On your screen once you scan the QR Code you will get asked if this is you logging in. If the scammer clicks yes, they are logged in. I have tried logging in with a QR Code and I have 2FA It didn't ask me about a 2FA code. Unless they changed it, it doesn't ask for a 2FA code via a QR Code
Your token is what represents you account on everything. Each message you send, you're sending a request to Discord's servers, and together with that, your token, which is what tells discord who you are. If they have your token, your username, password, email, 2FA, etc. doesn't matter.
3:53 As a bot programmer, I am not completely sold on the fact that the creator made this with malicious purposes. I enjoy making 'fake viruses' or 'fake virus bots' with any intention of harm, just to experiment with what I can do. I think the creator of the program might've thought the same, and really didn't mean to do any harm, or use the program himself.
Edit: he actually confirmed this and deleted the repo, mentioned this video in his apology
why would they post the virus online though
@@franny6221 I post every single project online, even if they can be used maliciously, to build up a resume for potential future jobs. I do find it pretty suspicious that all of his projects have something to do with token logging, so he might use these projects himself. I don't know for sure...
Well the difference here is that you make "fake virusses" while this is actively used to scam people. This was NOT made for educational purposes, it was made to steal discord accounts maliciously, that "educational purposes" tag is so that github wont remove the repo. Look with your eyes, man.
@@bbernyy64 can't u make a private resume though? I'm genuinely asking because i have no idea about this, isn't there a better way to build a portfolio without endangering people's bank accounts?
@@franny6221 You can set it to private, but other companies / employers won't be able to see your work, which might decrease your chance at getting a job. If i noticed one of my projects was used in such a harmful way i would A. Private the repo or B. Create a backdoor and inform discord about these scams, and not leave it online. This guy might still very well be a scammer, but there is a small room for doubt.
"If you use this, you are a peace of garbage"
a little later, he literally shows the whole process
a good way to tell if its a scam if you have better discord installed you can get show hidden channels to see if there are any that are locked chances are they dont exist
Mass reporting or mass media of this scam can help. Now media platforms are getting in trouble just for people posting the same shit over and over.
I can't believe I actually fell for one of these 💀
Same💀💀💀 I just finished unblocking people and messaging them about that fact I got hack 😭
ya same i was dumb
@@Sad_Crys Same, unreal I fell for it. It was tricky though.
I changed my password, am i safe now?
@@MrGameSheep are you safe? Or did something happen in 1 month?
0:45 "This QR code doesn't work so no need to blur" SMILLY FACE :)
I was hopping to scan it and get Rick Roll. 😒
3:20 This was made exactly for what it is being used to, this disclaimer is here just so github doesn't ban the repo
Yeah, I have seen youtubers literally upload videos on how to use these bots and all of them have "educational purposes"
@ChannelForGamers search for server delete or ban all bots or somethin, it has been a long time since I saw one
Dont talk about things you dont understand. Non malicious by default virus/exploit concepts help educate people and developers(including discord) on a paticular issue.
so umm, why make it public then
@@something4922 I'm a developer so I know exactly what I'm talking about. You are perfect r/iamverysmart material
I almost fell for this. I joined the server, but I realized how fishy it was when it started asking me to send a QR Code. I didn't scan it.
Me too
So does that mean even if I joined the server but as long as you didn't scan anything , nothing will happen? Bcs for me I joined , but I left the server immediately , didn't scan the QR code at all, didn't even know there was one
i scanned it bruh help me
No Text To Speech: “Why would anyone share a scam bot program if they’re not scamming people?” Also No Text To Speech: “Today I’m going to show you how to speed run making a scam server.”
In conclusion : don't trust any weird shit about people 'exposing you'.
unfortunately some communities are actually toxic like this and such messages are not out of the ordinary.
No Text To Speech + C418 damn, Anyway Thanks for the information
عندك رابط السيرفر؟
@@ruinsfnbr776 اي سيرفر
C418 is always good.
You definitely earned a sub, you teached and showed me things of the most important which no other youtuber would ever do
If you trust discord with your financial information you already deserve a darwin award. Despite knowing how flawed and insecure the login method is, discord still keeps it.
People who is using discord should Tell discord/report this scam discord server or the virus
@LeGeNDxXxJaaT discord can take down servers
Fell victim to this scam a second ago! Just secured my account and fixed all the crap with it... Even after 5 months of this video being posted Discord hasn't done A SINGLE THING to stop the scammers in their tracks.
This one almost got me, Though I reported the server and within an hour they banned the server which was great! I warned my friends about the scam and they didn't know about the server so hey, at least they won't fall for it!
I had this happen to me like 8 months ago but Discord support wouldn't believe me that this can even happen lol.
Logging in via QR code also BYPASSES 2 factor authentication (they won't ask my Authentication app for a code because it's assumed I used my phone already by using discord I guess?) AND it bypasses verification emails for new locations. Literally tested logging in using a VPN to the most remote servers incognito. I got a "was this you???" email only when using my password. With the QR code? Nothing.
These QR codes should not exist. Lmfao.
I think the same.
⚠️ *1:* Discord should add some big warning while scanning or some big warning once you log in (only once) that tells you to watch out for scams and tells you some security tips
🔒 *2:* Most important way how to stop scammers is just to do something that will be scammers afraid of. Like that sue. Scammers will be afraid of jail. So they wouldn't do it because you cannot just create new life when you go into jail. So some huge action should be in place.
📜 *3:* People, share like me this video with discord staff under the "Suggestion" category in a ticket so Discord will take some ideas, etc. from this video. It will help and NTTS deserves it.
📌 *4:* Pin this comment, please.
There are 2 warnings while scanning a log in qr code. in red text there is written "Only scan QR code directly take from your browser. Never use a QR code sent to you by another user" and the blue button says "Yes, log me in".
5: Fail the last one
I just subscribed because all you are saying is true. I love that you are talking about this. You are the only RUclipsr who does that. Thanks.
Had no idea about this, stumbled upon this and accidentally avoided the scam. Joined the server thought it was legit (obviously I know now it wasn't). Good thing is, I don't have a secondary device to scan a QR on, and my phone is so broken when it comes to scanning QR codes it wouldn't have even worked. Nice to know that me not having advanced technology for anything helped me for once. Great video as well, very informative
Same
Discord needs to remove log in with QR code at this point. It isn't worth the convenience for logging in now
Definitely, scammers need to face serious legal consequences. This has become pretty ridiculous and almost only has upsides for the scammer since he/she will quite easily find some victims and further spread the scam. Besides an account ban, hardware and IP blacklisting, Discord needs to file police reports against scammers in their home countries according to their IPs etc.
Help what do I do this has happed to me and I cant get into my disord I dont get the 6 digits pls help im begging
@@nicksartandgaming1151 Try to contact the support then if all else fails
The home countries have no jurisdiction to enforce United States law, it will always be US law because Discord is located in the united states of america
how will discord sue them?
i mean they have your ip and billing info, but you can just create an alt with temp email and a vpn and they won't be able to find you...
Here is some information me and a group of people have found:
It's hosted mainly in Bangladesh and Romania.
It grabs your discord token, but your discord token gets reset when you change your password, discord has said it themselves.
A lot of misinformation is being spread about this to make people scared.
There is about a five-minute delay the bot takes between you scanning the code and you getting hacked.
It doesn't change your password nor unadd your friends as my friends account is completely fine except it sent it to everyone on their friend's list.
Hope this helps.
some of them do unadd your friends (blocks them). also you didn't watch the video seemingly; it doesn't matter if your token changes as they already have all your user data and possibly personal information. and there is no delay between scanning and you getting 'hacked', unless the bot maker added that in themselves.
I fell victim to this scam, what can i do?
@@ludaalt3147 change your password and check your blocked list, also look at the audit logs of any servers you have perms in
If I'm being honest, the whole "you sent a girl nudes so join this server or I'm blocking you" is so over the top and laughably hard to believe. Especially if its sent so many times with literally no change. You know, if I were them, I'd make it a hell of a lot more subtle, like "hey join this server rn"
You'd expect dms like that. But hey, I'm not them and I don't plan on ever being them.
anyone else fell for it? :(
bro it literally says not to scsn qr codes that arent yours 😑
This QR code login thing is ridiculous from a cybersecurity standpoint. There's a reason why you don't see other big websites do it ; it's extremely easy to social engineer people into scanning a QR code as they're often seen as just pieces of data that can be read without consequences (and that's fundamentally what they are, except when companies use them for confusing purposes). This login feature is extremely dangerous, you don't reinvent the wheel like that when you're just a VC-funded company that invests more into looks and ease-of-use than actual security.
That github repository is the reason dangerous code should be protected from the public. There will always be a nefarious figure that will turn a good intentioned vulnerability point out into a fully fledged attack.
and that's how they end up patched
so true, I've had a minecraft mod I made turned into malware by someone who claimed he didn't code it himself and doesn't even know how to code
it should be shared publicly so people can chose to educate themselves on what is happening with these QR code scams or info security in general. It would be worse if it was not available, then only those who find or buy these methods public or not would use them. The same ones who use these techniques to their best gain.
not another propriety software supporter
@@hi-kt3qr this has nothing to do with proprietary software, he's only saying that *dangerous* code should not be public, he doesn't say anything about code in *general*
Fun to fact I was about to get scammed by the qr thing but I was so lazy since I just woke up I did not do it since lazy ass me was beyond lazy
Update on AstraaDev 10-7-2022:
Currently it seems like he took his github repo offline or private.
My opinion:
I agree with the idea that the makers of these tools should be looked at critically however, I do question if he really was malicious. He could have easily sold it without the repository being public. Making a repository public is a stupid move for a highly malicious user. The fact that he took it private now, but made it public to being with makes me question his intentions. Maybe he wasn't malicious after all, or maybe he only did so because he got caught?
i scanned the qr code, but nothing happened, i just had to login on my phone and it worked but anything more
Lol like how he was like speedrunning it as a joke but also just showed everyone how to do it
Discord users when the task is to not fall for the world's most obvious phishing scam.
These are probably hacked servers thats why they have a lot of members
I had one of my fav youtubers on my DM's months ago cuz like I wanna say "I'm your biggest fan!" like that,
and however weeks later she messaged me the same message "Idk if it's you or..".
I'm glad people are spreading awareness of this new scam method :)
Something similar happened to one of mine but it was a "Free Nitro" Scam on their server (It was like 4am when that happened so I was sleeping)
Honestly, it was a pretty dumb idea in the first place to allow QR code login. First time I saw it as a login option I thought to myself: "Yeah, that's gonna end well."
True, discord should probably just remove it
@@bbernyy64 no its literally the easiest way to login simply removing it is the worse solution to any problem
@@hi-kt3qr
1. Grab ur phone
2. Open discord
3. Scan QR code
VS,
1. Press login (most browsers have password autofill)
2. Press ok 2 times
@@bbernyy64 its more like
1. grab your phone
2. open discord
3. scan qr code
4. click yes when discord asks if you want to login on that device
5. fall victim to their scam
Me who doesn’t take pictures of myself in general:
I don’t have such weaknesses
This has been going around again, one of my friends was hacked. There was no long winded message about leaked pictures, it was just "Yo join this discord real quick". I have scan all messages enabled on my account, so the scary part is it doesn't look like it's being picked up by discord.
Same
I would like to ask if it is dangerous? Because before i watched this video I clicked the link and scanned the QR code, luckily i changed all password quickly.
I feel you buddy
the 102 idiots who disliked probably are that scammers 😂😂
I don't get these scams. What do the scammers even have to gain? It's not like they can blackmail the person they took the account from and blackmailing their close friends doesn't work either cause these people block you after sending the server link they can't sell your data either cause it's just an account. So what exactly are they trying to gain here?
Money, buying nitro then selling them for cheap on shady sites, or even using your credit card info to buy stuff online
@@scott420 oooooh I get it thanks for telling me
i remember the first time i got this i almost scanned the rq code, i entered the server and pressed a verify button, but inmmediately left it after i got warned on some stuff, luckily, that was some months ago and nothing happened to my account, i really got scared when i heard i was "exposed", plus it was fishy
can i have the invite of that server... i'm not dumb, i'm not scanning the qr code or clicking any links... just wanna see it w my eyes
Let's send this to scammer payback
Thanks for investigating this I almost scan one of those QR codes after my friend got hack and said i send something disgusting from a minor blah blah blah and there's the "Discord Shaming" server invites
"Good" hackers usually publish stuff like this to put some pressure on companies to actually fix the issue, this QR code scam has been known for years and yet here we are.
some randos managed to add me as a friend on discord, i did not have any servers in common with them and I knew they were bots. One guy sent me a job offer with a clearly malicious link and the other sent 5 messages in a row with, also, a clearly malicious link to a website for free discord nitro
I just hope in another universe cheaters and scammer get punished so hard that they will never even think of doing anything bad online, EVER :)
I have been scammed with a the discord fake games thing a long time ago not the qr codes but the name of the repo dev sounded familiar and the fact that they were in france made it even more familiar. Turns out when I got scammed I (tried to) decompiled the python exe file and through searching found a github repo. I continued talking with the guy who had sent me the Token grabber and got my way to find their phone number, rough location and their discord. I added them in friends and wasted their time by for maybe an hour or two. I got them banned from discord but heh they just made new accounts but im happy I pissed them off. And in their bio's they had a fake nitro website that I reported and it went down pretty quickly.
Anyway great video and I definitely didn't expect to hear about the same idiots again
Hey, there IS a Scam Fighters server. just join any scam server and it should be on the username list. On it's about me there should be the server.
happened to get scammed and it sent links to my whole friends list, im truly terrified if anything of my personal info gets leaked. please dont trust these i have created a new account never scan suspicious links.
But do u think and personal info can get leaked just by your dc acc?
It happened to me aswell and now i have the same feeling
I almost fell for this. Only found this video by copy-pasting the message text out of caution.
"Hello! Are you human? Let's find out! Scan the QR code below on your Discord Mobile app to login."
his entire profile is filled with stuff that can be used to scam people he might as well remove all of it
I've never trusted those DMs I get from my friends. If something sounds wrong, it probably is. It never hurts to ask and probe your friend for more information if you're unsure! It's better to be safe than sorry.
The person behind this is NightfallGT I believe since they owned the server "Haunt"
This man says there is a scam shows us how it works shows us where to get it and made a tutorial on how to get it to work now lots of people more likely got it and now do the scam too. If there is a scam don't show how easy it is to get because many more people are going to try it.
Just because an individual has created something in code doesn't mean they use it in bad purpose. I totally disagree with your opinion! It also isn't THAT easy to create the exact template to the bot you were using, you would obviously have members to make the server look more official, a bot that looks real, and a server that has multiple channels...
Seems like the heart of the issue is the lack of innovation and having such a basic sad sack of a method for keeping track of people's accounts such as a token system
i actually almost got scammed, bc im my language shows that Login in account in the qr code so i didn't get scammed
wow, I'm glad I saw this video, I got that exact same message from one of my friends almost clicked on it luckily the invite expired
This happened to me a week ago, however it's incredibly easy to get everything back to normal, just don't log out of your account. With the qr code they can't get your password, and if you change your password on discord, it will log out every device your account is on. Then just go to settings and see all of your blocked users, then unblock them, it's that easy.
6:50 they should add it so, when you press the button, you will get redirected to a part of the login where there is the warning, and you will have to check the box where it has next to it "I understand and accept", and then after 5 seconds, you should be able to log in. Discord definitely should warn people with a proper message like i just described.
Instead if suing or anything, they should fix the damn token hacks. It's been a thing for years and both seems to be done
Ikr! One idea that they could use is making the tokens so that they are e2e encrypted. That way, only your computer, and discord's servers would know your token, making it impossible to get token logged. I really hope discord does something like this, because currently, account stealing is way too easy!
I had a gut feeling that this was a scam when I had a friend send it to me. I almost clicked it, but decided to wait a little bit. Then, a second friend got hacked, and I received the same exact message with very slight changes, and then I was 100% certain. Both got their accounts back, so that's a good thing.
Hey, can you please make a video on the discord bot accounts that spam add you to group chats? I had that happen to me a while ago and I wish I heard about it before. Basically you just accept a friend request from someone and the second you do, you get added to about 20 group chats per second named things like "you are an idiot"
I use Codec app so when i scan the qr code it shows the link but doesn't open it
ayo, they be using friends to scam?! sucks to be them, they can't hack me cause i have no friends haha
thanks for the video! really appreciate what you did, and completely agree with those oppinoins.
I fell for it, but I just ended up changing all the passwords on the accounts I had on my phone. It's not much of a threat if you havent spent anything on discord
With a changed password and f2a, even if they have your account, they wont be able to access it
I can just laugh at them lol they cant steal my bank email shit cuz im not login in on my pc only on my phone kekw
so if i havent made a transaction the hacker wont get my home address right? bc i have never bought nitro