User blog:Acebatonfan/New Scams and Account Hackings via Discord

Hi guys! I haven't been on the wikia much lately, but I thought I would share some information about a scam that I fell for quite recently. If I did not quickly figure out it was a scam as it was happening, I would have 100% lost my account (instead of the 75% loss I am currently dealing with).

The Scam
This scam happens primarily on Discord and then transfers over to Roblox.


 * 1) The first thing that happens is that the scammer(s) create a scheme to claim that you are breaking the rules of a discord server. In my case, they created a photoshopped DM chat claiming that I was trying to scam them with the classic "avatar gfx" scam. You get banned from the discord server.
 * 2) The scammers pretend to be the discord server moderators and tell you that you have been banned. You can't verify that they are the actual mods since your account was banned from the server.
 * 3) The scammers will ask for "proof" that you are who you say you are so that they can unban you. They will ask you to screenshare resetting your password and your 2FA code in order to "verify" your account. The access to the 2FA email code while recovering the password lets them "hack" into your account.  Since I use google authenticator, they made up an excuse about how google authenticator would not work for their purposes and how I needed to switch to email 2FA. They do not ask for your username and password, which is why this wasn't raising initial red flags for me.
 * 4) In my case, they then traded my limiteds to a holder account and then sold them for real-life USD. They were able to make out with over $1,000.
 * 5) The end step would ultimately be you losing your account as they change your email and password (especially if you do not have an account PIN)

What I did after getting "hacked"/phished
What tipped me off was that the scammers were getting full of themselves and becoming sillier as they were succeeding in the scam (they blew their covers). That tipped me off into looking at my account, where I saw that I had messages showing completed trades. Once I saw that, I did the following steps to secure my account:


 * 1) I did not tell them I was doing anything new. I did not want them to go ahead and go to their last step of the scam.
 * 2) In Roblox settings, I did a force sign-out of all active Roblox sessions. This would log out the scammers and stop any more trades.
 * 3) I changed my password to one I have never used before and made sure I had the following settings enabled:
 * 4) My account is verified with my email
 * 5) I have an account PIN in place so they could not make any changes to my Roblox account
 * 6) I have two-step verification with an outside app enabled (like google authenticator)
 * 7) After all that, I sent a customer support ticket to Roblox support. I let them know I was scammed and provided my evidence of the trades, discord conversations, and how the scam worked (as well as additional stuff). The hard part now is being patient, as it takes time for support to conduct their investigation and to see if they are able to roll back my account.

So, there you have it! The scam was quite elaborate, and after talking to a few friends I realized I was not the only one who fell for this type of scam. Before I leave, I want to keep you guys aware of ways you can keep your account secure:

Keeping your account secure

 * Roblox Help. Player Trading Scams
 * Have a strong password - one with capital and lowercase letters, numbers, and special characters. Also keep that password only for Roblox, as having the same password across multiple websites puts it at risk for getting leaked during a data breach. Funny thing is, the scammers complimented me on how it looked like I had a strong password.
 * Get verified - verify your account with your email address
 * Enable two factor authentication - the safest way is through a third-party app like Google Authenticator, but there is also email verification
 * Create an account PIN - that way, if someone gets into your account they cannot change any settings without first knowing the PIN
 * On Discord, keep track of what servers you are registered in and do periodic cleanings of the servers you are no longer active in
 * Keep an eye out for discord servers where you might be getting large amounts of spam or scam DMs, especially if you keep your messages open! Take that as a red flag that maybe moderation is lacking in that server and consider leaving it if you can't guarantee you will be kept safe
 * Don't click on any strange links! Not even ones that look like roblox.com, since it is possible scammers can make it look like you're going to roblox when you are going to a scam site (like RobIox or R0bl0x or Rob1ox)
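
For server moderators or bot authors who want to screen links automatically, here is an added example (not part of the original post) that classifies where a link really goes and flags hosts imitating roblox.com with the character swaps listed above. The swap table, function names and sample URLs are constructed for illustration; it covers ASCII swaps only, not Unicode look-alikes.

```python
from urllib.parse import urlsplit

TRUSTED = "roblox.com"   # the real site named in the post
BRAND = "roblox"
# Look-alike character swaps (constructed list for this example, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l"})


def skeleton(text: str) -> str:
    """Collapse look-alike characters: 'RobIox', 'R0bl0x', 'Rob1ox' -> 'roblox'."""
    return text.lower().translate(CONFUSABLES)


def classify_link(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'other' for the host a link really opens."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare 'host/path' as a host
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    # Anything else that spells the brand is imitating it: check every dot- or
    # hyphen-separated piece of the host, plus the part before '@' (userinfo),
    # which browsers ignore when deciding where to connect.
    pieces = host.replace("-", ".").split(".")
    pieces += (parts.username or "").replace("-", ".").split(".")
    if any(skeleton(p) == BRAND for p in pieces):
        return "lookalike"
    return "other"


if __name__ == "__main__":
    # Constructed sample links; the .example hosts are placeholders.
    samples = [
        "https://www.roblox.com/trades",
        "https://RobIox.example/login",
        "r0bl0x.example/verify",
        "https://roblox.com.account-check.example/",
        "https://roblox.com@files.example/",
        "https://rob1ox-support.example/",
        "https://discord.com/channels/1",
    ]
    for link in samples:
        print(f"{classify_link(link):10} {link}")
```

A "lookalike" result means the link should be blocked or held for review; "other" only means the host does not imitate Roblox, not that it is safe.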