Giveaway DM Takeover Scams on Discord
Fake Discord giveaway bots and DMs lure users into clicking phishing links or authorising malicious OAuth applications that seize control of their accounts and spread the scam automatically.
Last reviewed: 1 June 2026
Giveaways are a common and legitimate feature of many Discord communities, used by server administrators to reward engagement or grow membership. This normalised activity makes fake giveaway attacks particularly effective — users in active communities routinely receive DMs about giveaways and are conditioned to engage with them.
On Discord, giveaway-based account takeover has the additional vector of OAuth application authorisation: a malicious app requesting account access under the guise of a giveaway participation step can seize full account control without ever needing the user's password.
How this scam works on Discord
A bot DM or a message from a compromised account announces a prize — often a game, software key, cryptocurrency, or premium subscription — and includes a link to 'claim' the reward. The link either leads to a fake Discord login page or to an OAuth authorisation request for a malicious application.
Authorising the application grants the attacker persistent access to the account that survives password changes, because the token is issued to the application rather than tied to the user's password or login session. The account is then used to send the same giveaway DM to every shared-server contact.
Some operations run fake giveaway bots that appear in server channels — bot names like 'GiveawayBot' with a slightly different discriminator than the real service — that send DMs to everyone who reacts to their posts, leading them through a multi-step 'verification' flow that ultimately captures tokens.
Common red flags
- DM announcing a prize from a bot or user you have no prior interaction with
- Giveaway claim link that leads to a Discord login page or an OAuth authorisation prompt hosted outside discord.com
- OAuth application requesting broad permissions described vaguely as 'for verification'
- Bot name and logo that closely resembles a legitimate giveaway bot but has a slightly different username
- Prize that seems far more valuable than the server's community activities would typically offer
- Sudden strange DMs sent from your own account that you do not recognise
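The link-related red flags above can be checked mechanically before anything is clicked. The following is an added example, not part of the original page or any Discord tooling: it parses a link received in a DM, reports the host the browser would really visit, and lists the OAuth scopes requested. The official host, the authorise paths, the set of scopes treated as broad, the flag names and the sample links are all assumptions made for this example.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: only discord.com counts as official, per the red flag above.
OFFICIAL_HOSTS = {"discord.com"}
AUTHORIZE_PATHS = {"/oauth2/authorize", "/api/oauth2/authorize"}
# Assumption: scopes this example treats as broader than a giveaway entry needs.
BROAD_SCOPES = {"bot", "connections", "email", "guilds.join", "messages.read"}


def check_giveaway_link(url):
    """Return the real host, requested scopes and red flags for a DM link."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = parts.path.rstrip("/").lower()
    flags, scopes = [], []
    if parts.scheme != "https":
        flags.append("not-https")
    if "@" in parts.netloc:  # text before '@' is not the host the browser visits
        flags.append("userinfo-hides-real-host")
    if host.startswith("xn--") or ".xn--" in host or not host.isascii():
        flags.append("internationalised-hostname")
    if host in OFFICIAL_HOSTS:
        if path in AUTHORIZE_PATHS:
            # scope is a space-separated list in the query string
            raw = " ".join(parse_qs(parts.query).get("scope", []))
            scopes = sorted(set(raw.split()))
            broad = [s for s in scopes if s in BROAD_SCOPES]
            if broad:
                flags.append("broad-scopes:" + ",".join(broad))
    else:
        if "discord" in host:
            flags.append("discord-named-host-outside-discord.com")
        if "login" in path or "authorize" in path:
            flags.append("login-or-oauth-outside-discord.com")
    return {"host": host, "scopes": scopes, "flags": flags}


if __name__ == "__main__":
    # Constructed sample links; client_id values and hosts are placeholders.
    samples = [
        "https://discord.com/oauth2/authorize?client_id=0&scope=identify",
        "https://discord.com/oauth2/authorize?client_id=0&scope=identify%20email%20guilds.join",
        "https://discord-gifts.example/login",
        "https://discord.com@claim.example/oauth2/authorize?scope=identify",
    ]
    for link in samples:
        print(link, "->", check_giveaway_link(link))
```

An empty flag list only means the link points at a genuine authorisation prompt with narrow scopes; the application behind it still has to be one you intended to use.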
How to protect yourself
- Enable two-factor authentication on your Discord account as a first line of defence
- Review all authorised applications in Discord User Settings > Authorised Apps and revoke any you do not recognise
- Never authorise a Discord OAuth application that arrived through a DM rather than a site you intentionally visited
- Log out all devices immediately in Settings > Privacy & Safety if you suspect compromise
- Treat all giveaway DMs as suspicious by default — verify in the official server channel before engaging with any link
- Keep security software updated to detect token-stealing malware that may be bundled with linked downloads
How to report it
- Report the offending account or bot to Discord's trust and safety team at dis.gd/report
- Alert the server moderation team if the giveaway scam is operating within a specific server
- Warn your Discord contacts if your own account was compromised and used to send the scam DMs
Frequently asked questions
How can I tell a legitimate Discord giveaway bot from a fake one?
Check the exact username and discriminator of the bot against the official bot page or invitation link from the server administrator. Legitimate bots like GiveawayBot are added by server administrators and do not DM users unsolicited with prize notifications. Any DM-based giveaway notification is almost always a scam.