FANDOM


A scam is an attempt to trick a player into giving away their valuables and/or personal information to the perpetrator for any purposes that would be harmful to the victim. The primary motive for scamming is personal gain, but in any case, it is a malicious act.

Scamming is considered to be a very widespread issue on Roblox. The admins have attempted to stop the most common scams by disabling comments on games, badges, and game passes. However, developers can still enable/disable comments on clothing, Library assets, and UGC items. Additionally, games where the exchanging of items are frequent such as in Murder Mystery 2 and Adopt Me, as well as official exchange systems between Roblox players such as the limited trading system, are very liable to scams.

Transaction scams

The following are common scams that involve Robux, via some form of on-site transaction, although they do not involve any phishing. These types of scams often cause the victim to lose substantial amounts of Robux, although the Robux may be recovered by contacting Roblox Support here.

  • Classic defrauding: The perpetrator advertises a service or product for a fixed fee, usually sold through T-shirts.
    • T-shirt scams: The perpetrator publishes a T-shirt with a name such as "Admin for Reason 2 Die" or "Mod for Twisted Murderer". Often sold for a low price, (rarely higher than 500 Robux) these T-shirts advertise some kind of privilege or service in a popular game. These shirts do not follow through with their advertised service. This trend has since declined due to the release of the Game Pass system, which eliminated the need for game creators to distribute additional game privileges through VIP T-shirts.
    • Drawn portrait scam: A common example of defrauding, the perpetrator runs a series of advertisements on the site and advertises that the victim can "get drawn" for a fixed fee, through the purchase of an item. Once the victim purchases the item, the perpetrator refuses to follow through with the drawing and may block the victim to prevent further contact. Many of these items have since been deleted by moderators, although some can still be found on the website. This scam has since dwindled as moderators continue to remove these items from the catalog.
    • Fake game passes: The perpetrator sells a game pass that advertises special in-game features for the player. However, the promised features are simply not given once a user purchases the game pass. These types of scams were commonly used by jaredvaldez4.
  • Product scam: The perpetrator sells in-game powerups or items. However, they are sold as developer products, which, unlike Game Passes, are not stored in the player's inventory, which allows them to purchase the item multiple times. If the player leaves the game, they will have to purchase the items again. This is commonly found in bait and switch games.
  • "Invisible" shirt scam: A user publishes an advertisement that claims a certain piece of clothing will cause the player's avatar to become invisible. The clothing is instead simply transparent, which does not create an invisible avatar. If no preview is seen in the catalog for the item, the perpetrator may claim that the image is "broken" when in reality the image has been rejected by moderators.
  • Save 10% scam: The perpetrator will tell players to visit their game, claiming that purchasing any item from their game will save the player 10%. However, buying from those games will, in fact, give the owner of the game, the perpetrator, 10% of the price, and you will still have to pay the full price. If you want to make a save 10% game, slap a free model prompt purchase, enter the ID that you want.
  • Color-changing shirt scam: Similar to the "invisible" shirt scam, a user publishes clothing and claims that it's a GIF and changes color in any game. However, the clothing is simply nothing, which is why it doesn't load online. There are videos claiming that the clothing works which were edited using a green screen and some errors can be seen in some moments. This scam should not be confused with clothing that is partially transparent and changes color based on the avatar's skin color. 
  • Admin gamepass scam: This type of scam is often seen in roleplaying games. The victim will usually be misled into thinking that purchasing the game pass will allow them to use many admin commands from a command script in the game. In reality, the game pass will only grant a limited amount of commands that can only be used on the victim's self which are also called VIP Admin. These game passes usually receive many dislikes. 
  • Cheaper game products scam: The perpretrator sells game passes promising a usually valuable product in another game at a cheaper Robux price, such as a ridable, flyable neon Legendary pet in Adopt Me!. Often these games are not connected to the other game and thus give nothing, wasting the buyer's Robux.

Phishing scams

These scams take place when a user gives their sensitive information to a seemingly-legitimate service, only to receive malicious results. The damage ranges from losing Robux, to account compromise, and to malware infections. Phishing scams are very common and are often targeted towards new or young users who have not made purchases on their account, as Robux and Premium are desired by many players but cost money that they may not want to spend or cannot afford.

In most cases, once a user is phished, their account is added to a botnet with which the thief uses in order to spread more scams. This, in turn, may result in the victim's account being terminated if it is reported for spreading these scams.

If Roblox+ is enabled, when directed to a known phishing site, extension, etc., the extension will automatically close the tab with the phishing URL.

  • Login info via Roblox messages: The scammer messages a user and asks for his/her username and password in return for Robux or services, such as Premium. This can result in account loss. In 2016, this scam became more common and was often done by sending a message to the player while playing a front-page game. After the victim is scammed, the victim's account is then used by the scammer to scam others.
  • Fearmongering: The scammer, pretending to be an official Roblox associate, messages a user and asks them if they are the rightful owner of their account, citing an apparent increase in the user's account value and claiming they have already messaged another user who failed to provide 'proof' and had their account terminated. If the user ends up giving an explanation, the scammer will ask them to contact them on an offsite program or URL, after which the end result would be the victim's account being phished or hijacked. Typically this happens because the scammer asks the victim to send an image of their password reset email with the link visible, or is asked to use Inspect Element in order to extract their .ROBLOSECURITY cookie and send it to the scammer. This scam is mainly aimed at users who have a high average value of limited items in their inventories.
  • Login info via friend request: The scammer follows and sends a friend request to the user with usernames that persuades the user to click on his/her profile. The perpetrator's profile description contains an offsite link that will prompt the victim to input his/her login information, usually for a 'reward' of Premium or Robux. This scam is more effective than Roblox messages alone since users can limit the number of people who can message them.
  • Login info via email: The scammer leaves comments asking for users to give account information to an email address, listing false reasons that can seem convincing to a newbie Roblox user.
  • Login info via exploits: The scammer leaves comments directing users to a link that gives an exploit tool for the Roblox client, which will then ask for login info.
  • Malicious programs: The perpetrator directs users to a link that downloads an executable program (.exe), often advertised as "hacks" or "exploits" onto the user's computer. When executed, the program injects malicious code into the system to gain information and provide complete control of the user's desktop. This not only compromises a user's Roblox account but their entire computer. This can include banking information, several passwords, document information, and might destroy Windows Installation. Antivirus programs, such as Avast and Bitdefender, will try to quarantine the executable program a user has downloaded. Users should never download files (especially .exe files) from unknown sources.
    • Recent executable files have also been known to log .ROBLOSECURITY cookies. Because the program only takes cookies and directs them towards a webhook, antivirus applications fail to find its intentions malicious, resulting in accounts being stolen and sold frequently.
  • .ROBLOSECURITY scam: The perpetrator convinces a user that the .ROBLOSECURITY cookie must be given to them. Read this article for more information on the .ROBLOSECURITY cookie.
  • AuthTicket scam: Similar to the .ROBLOSECURITY scam, the perpetrator gains access to a user's AuthTicket, required to join games and authenticate your user. If they were to get this, they could join games under a player's username with a simple batch command and buy in-game purchases without their knowledge. ROBLOX+, a Google Chrome extension, warns players when they input the AuthTicket link.
  • Fake websites: These fake websites have a login form and a domain name that looks very realistic but is fake and claims to give a fake reward that needs to be posted on several games. This just steals a user's log-in information and promotes the scam using the stolen account.
  • Fake Browser extensions: After Roblox disabled comments on games and items, attackers created fake extensions that look legitimate, but after it is installed they steal a player's .ROBLOSECURITY cookie and their AuthTicket, and the extension will post the info to a web server or private chat channel.
  • Botted Roblox Places: A Roblox place that tells the user to go to an offsite link that claims to give out free Robux or Premium, botted with bot accounts in the thousands in order to get the game on the front page, and sometimes botting likes. These games are usually taken down very quickly.
  • Roblox-related advertisements: These advertisements promise things such as free Robux or Premium. They may redirect to another YouTube channel or a phishing site.
  • Login info via chat: What it means is that a bot sends the player the friend request. If it gets accepted, they'll say scam messages. An example of this (Notice it was actually censored due to Roblox filter)​​​​​​
  • Group Wall Post Scams: In some groups where the group wall is not really active, scam bots will raid the wall with scam messages which appear to be the same. Some groups make it so only higher ranks can post, to prevent bots (who don't promote themselves on groups) from scamming.
  • Phishing GUI: Commonly found in fake "Free Robux" games, a realistic-looking GUI posing as a login screen or error will prompt the player to input their login information. The victim's login information will then be stolen.
    Scam 2.0

    Old Robux Scam. Taken 7/5/2019. Scam Message posted a few months ago.

  • Free item scam:: A user receives messages from friends or other random users saying "hey, if you use the code "(fake code)" on (scam website), you get a free (valuable item)". Visiting the site, users are shown a login screen similar to that of Roblox's official login site. If the user enters their username and password, their account will soon be hijacked and looted for its Robux and/or limited items. It will also then be used to spread the scam further. See this video for more info.
  • Guilt Scam: Commonly happens in large discord servers with RoVer. They will pick a random person from the server who has their Roblox name as a nickname because of RoVer, then say that they lost that friend by accidentally deleting them, then claim that account was hacked. Once the user friends them on Discord, they join a game. The scammer fools the victim by pretending to go on the website and randomly being logged out. They then claim that they were the victim of an account trading scam. They then guilt the user into giving them their password to "share the account". They claim they won't touch anything. Once the victim gives their password through Discord, the scammer unfriends them and steals the account. These scams can usually be as long as 3 hours!
  • Youtube Channel Name Scam: Found on YouTube. A channel, usually titled as: "Hi, I'm [name] if you don't mind check out my video" comments on a page. Most of these scam channels were made in 2006, clearly indicating they're hijacked. Those channels have only one video, which is a phishing one as you might already guess. 
  • .HAR file scam: The scammer would contact someone (usually via Discord) to convince the user to create a  .HAR (HTTP Archive File) file for the Roblox website to do something for the scammer. In reality, the created HAR file for the website contains all of the user's cookies and let the scammer gain access into the account via the user's .ROBLOSECURITY cookie.
  • I'm Making A Game/GFX Scam:  This scam is where your friend or an old account will message you saying "hi dude. I'm making a game and I want to put your avatar in it, can you send me a decal of your character?" If you send them the link of the decal of your character through text, the scammer will use that link to hack your account. The scam uses some form of javascript to access the victim's account. This got very popular in 2020. There is another version of this that asks for the same thing but the message is about a GFX.

"Soft Scams"

These scams aren't as severe as other scams, and only waste people's time.

  • Teleport places: Teleport places are a type of scam where victims are teleported to another place to gain place visits and formerly Tickets, supposedly to be cashed out for Robux. This does not harm one's account, but is believed to make it look like the place where players are teleported to is the actual place itself. Some places will also use a custom teleport GUI and a black overlay to make it look like the place is still loading.
  • Livestreams: Fake YouTube live streams are set up and promise listeners free Robux. The live stream might have bots as moderators and people listening to attract more viewers and might loop fake videos of them giving Robux out to someone. In some instances, they may include links to harmful websites. Also, they sometimes have a word filter which mutes anyone who says that the live stream is fake. They may also tell you to stay in the stream for a while to get points and join their group and may use old clips.
  • Finish for a surprise: Often seen in bait-and-switch obbies, the perpetrator will put text in the game that says "FINISH FOR A SURPRISE!" or "FINISH FOR A FREE ITEM!" However, when the player finishes the game, they are teleported to another similar bait-and-switch game or receive nothing, therefore wasting your time, or say finish again for cool gear/Robux/Premium.
  • Only 1% have ever beaten this game: Similar to the "Finish for a surprise" scam, the perpetrator will put the text that says "ONLY 1% HAVE EVER BEATEN THIS GAME!" or "NO-ONE HAS EVER BEATEN THIS GAME!" However some of these games do not teleport you to other places, they just encourage you to "Play again for a free gear" or to buy their game passes. These types of games try to make players buy things at any given opportunity, for example having huge signs that say "SALE" over them, or "LIMITED TIME".
  • There is a crazy glitch at my place: These scams are the first ones, in this case, they absolutely do nothing about it, it's just a normal place. They were mostly used to make the perpetrator to gain 1 ticket via a place visit
  • Spam Comments: Players will say to copy and paste a certain message on a number of items in order to win something. 
  • Meme Games: Certain games that Copy the description and thumbnails. But when the games are played, The user will be presented with image spam. Most notably, Stick bug, Henry stickmin distraction dance, rickroll, etc..

Scam bots

, Example of a Scam bot.

Example of a scam bot.

ScamPicture

Free Robux scam in game.

Do not visit links posted by a scam bot!
23D38C6E-E666-4153-8DD4-D2D5FAD2A2A1

An example of a scammer's profile page.

2017Scambot

The 2017 girl scambots, who have been recently making a resurgence in September 2020.

A scam bot is a common nickname used to describe automated accounts that spread messages attempting to lure players to unsafe websites in order to steal their Roblox credentials or other valuable information for their owners' personal uses. It is highly recommended to ignore these accounts' requests and/or report them instead.

These types of bots have been around on Roblox for years, however certain economy-related changes such as the removal of Tickets have been a catalyst for their rapid rise in recent times. In 2017, a default girl user bot had been sending messages or friend requests to random people. Their blurb usually says "i m a girl and i love playing roblox and i m looking to make friends ;)". They have sparked a resurgence in September 2020 so it is best if you do not friend people like these as they can possibly send you scam links through party chat.

Between 2017 and 2018, they often followed a very basic avatar style and were also seen wearing free items such as The Bird Says and some random T-shirts. For a brief period in 2018, they used the default sign-up appearance, but soon after began to wear clothing in the style of the official ROBLOX account. In 2019, they have used the appearance of accounts stolen through a phishing method if a user accessed a scam site posted by a scam bot.

Aside from posting comments, some scam bots are also able to follow and send friend requests to mass amounts of players in order to extend their reach and get the player to go to their site, and they may occasionally join random free-to-play game servers to send a scam message in the game's chat before leaving a few seconds afterward. On popular front page games such as Jailbreak or Adopt Me!, they will quickly join and leave after posting a scam message such as "I just got tons of Robux by visiting [scam site]!", or something else to get more victims.

Initiatives by Roblox to lessen the impact of scam bots were put into place, such as forcing all users to complete a CAPTCHA before signing up or posting on group walls.

Between 2018 and 2019, scam bots were more actively seen on third party sites, such as Discord and YouTube (where both videos and ads were mass uploaded), as a method to avoid Roblox moderation. These bots appear to have slowly stopped appearing and many are being banned by YouTube and Discord on their respective platforms.

From mid-2020 to the present, scam bots are getting more realistic, acting more like an actual player on Roblox. They do this by doing multiple lines, which can be often made to seem like it is actually real when in reality, it is really a scam bot.  They will act like a real player saying some stuff related to the scam, and then they will actually say the link. (PICTURE NEEDED) 

If a player is scammed

If a user suspects they have given their password to a phishing site, they should immediately change their password, log out of other sessions, and enable 2-step verification for extra protection. If a user has downloaded phishing software, they must uninstall the software immediately, erase any cookie loggers, run a full antivirus scan, change their password, and create a new.ROBLOSECURITY cookie. Otherwise, the account could be used as a scam bot to spread it. If it is the first time their account has been compromised, the user can contact Roblox Support within 30 days of the compromise for recovery of lost Robux and inventory.

Avoiding scams

Don't Take the Bait - Roblox

Roblox's official advice on dealing with and avoiding scams.

  • Avoid game passes in bait and switch games. They are mostly game passes that last until the player resets or leaves the game, thus tempting the player to purchase them again if they want to continue using it each time.
  • When buying shirts, pants, or T-shirts, users are encouraged to look for [ Content Deleted ] in the item's description. This is an indicator that the item has violated Roblox's Terms of Service, so it is best to avoid buying those.
  • If no or little users have bought a VIP shirt or a game pass, users are encouraged to avoid purchasing it until more users have done so.
  • If the item's comments are not disabled, read them to see if any other users say whether the item is legitimate or not. Note that the perpetrator may have made alternate accounts (or hacked into others and turned the said accounts into spambots) to promote the said scam, so check for accounts that claim it's a scam.
  • To prevent falling victim to portrait scams, check the scammer's inventory for any stolen artwork. In addition, a user can check to see if the total amount of drawings in the seller's inventory is fairly close to the total number of "get drawn" assets sold; any huge discrepancies in the total number of people drawn and assets sold hints towards a portrait scam.
  • Some scammers have their names listed on alternative accounts' descriptions stating they are scammers. While this is not always the case, if there are a large amount of these accounts, this is something to be wary of; try avoiding these users.
  • Avoid programs and websites not created by the Roblox developers that ask for login information. Similarly, avoid downloading unknown/unfamiliar files (particularly .exe programs), and never run any program with admin privileges unless they can be verified as legitimate.
  • If someone asks the user to send them specific lines of code from their browser or client, they are strongly advised to not follow through as certain snippets of code can be used to get into the user's account, such as the.ROBLOSECURITY cookie.
  • Avoid "free" Premium and Robux comments. Roblox does not promote free shortcuts to paid services.
  • Avoid YouTube videos that ask players to subscribe in order to get free Robux. These are always fake and often are made to get subscribers. The same can be said for Twitter accounts who claim to do so too.
  • Avoid any game that uses the name "Robux", "Robucks", or anything similar, and have the Roblox logo or the Robux icon as a picture, especially if they have more players "playing" than "visits"; these places are most likely scams.
  • In general, if something seems too good to be true, it most likely is. Users are encouraged to not let their personal desires be easily manipulated, as most scammers often rely on victims making impulsive decisions after seeing or hearing about something they want.

Gallery

Main article: Scam/Gallery
Community content is available under CC-BY-SA unless otherwise noted.