Lately there have been COMPROMISED accounts sending token stealing links. They might be on your friends list or contacted you about server partnerships or even verified in your server as they mistakenly clicked and got compromised by doing so.
Check before you click ANY links. These are slightly misspelled and website embeds instead. Real codes have the purchaser on them and a 48 hour time limited noted.
Also, less moderated servers tend to have a bigger number of these links to accidentally click on
