There are some common scenarios of airdrop scams.
Scenario 1: A racketeer spreads posters or links of free airdrops in the community to lure users into scanning the QR code or clicking the link, going to the website, and authorizing login. When a user completes the airgrab steps to give approval and claim the airdrop on the website, the scammer will be allowed to have access to the approved token and take the user's asset away.
Scenario 2: A user finds an unknown airdrop when viewing the transaction history. The memo of this airdrop transaction contains a link with a message claiming that the airdropped token can be swapped into other tokens via the link attached. When the user opens the link and swaps the token, the website will send a malicious request for approval, which will give the scammer control over all the user's assets if the user approves the request.
Scenario 3: A fraudster creates a worthless fake token, which is the namesake of a real token, and airdrops it to a user's account via a certain approach. The fraudster then uses other fake tokens to trick the user into swapping the airdropped token, while the real purpose is to ask the user to approve the fraudulent address for controlling their assets.
Please be noted:
To stay clear of scams, never ever open unknown links or scan unknown QR codes to claim airdrops, nor should you share your private key and mnemonic with anyone.