DO NOT click on or give login details to any 3rd party service claiming to reward "free Robux", "free Avatar Shop (catalog) items", or "free Premium membership". Robux, paid-for Avatar Shop items, and Premium membership must all be purchased with real cash or Robux. Report any scams to Roblox moderation.
This page needs improvements to meet the Roblox Wikia's standards.
This article needs a complete rewrite or cleanup to meet the Roblox Wikia's quality standards. Please proofread this page and edit this to make it revamped. The specific problems are: Article needs formatting issues fixed and information cited to follow Manual of Style

A scam is an attempt to trick a player into giving away their valuables and/or personal information to the perpetrator for any purposes that would be harmful to the victim. The primary motive for scamming is personal gain (such as sale of personal info), but in any case, it is a malicious act.

Scamming is considered to be a very widespread issue on Roblox. The admins have attempted to stop the most common scams by disabling comments on games, badges, and game passes. However, developers can still enable/disable comments on clothing, Library assets, and UGC items. Additionally, games where the exchanging of items are frequent such as in Murder Mystery 2 and Adopt Me, as well as official exchange systems between Roblox players such as the limited trading system, are very liable to scams.

Transaction scams

The following are common scams that involve Robux, via some form of on-site transaction, although they do not involve any phishing. These types of scams often cause the victim to lose substantial amounts of Robux, although the Robux may be recovered by contacting Roblox Support here

  • Classic defrauding: The perpetrator advertises a service or product for a fixed fee, usually sold through T-shirts.
    • T-shirt scams: The perpetrator publishes a T-shirt with a name such as "Admin for Reason 2 Die" or "Mod for Twisted Murderer". Often sold for a low price, (rarely higher than 500 Robux) these T-shirts advertise some kind of privilege or service in a popular game. These shirts do not follow through with their advertised service. This trend has since declined due to the release of the Game Pass system, which eliminated the need for game creators to distribute additional game privileges through VIP T-shirts.
    • Drawn portrait scam: A common example of defrauding, the perpetrator runs a series of advertisements on the site and advertises that the victim can "get drawn" for a fixed fee, through the purchase of an item. Once the victim purchases the item, the perpetrator refuses to follow through with the drawing and may block the victim to prevent further contact. Many of these items have since been deleted by moderators, although some can still be found on the website. This scam has since dwindled as moderators continue to remove these items from the catalog.
    • Fake game passes: The perpetrator sells a game pass that advertises special in-game features for the player. However, the promised features are simply not given once a user purchases the game pass. These types of scams were commonly used by jaredvaldez4.
  • Product scam: The perpetrator sells in-game powerups or items. However, they are sold as developer products, which, unlike Game Passes, are not stored in the player's inventory, which allows them to purchase the item multiple times. If the player leaves the game, they will have to purchase the items again. This is commonly found in bait and switch games.
  • "Invisible" shirt scam: A user publishes an advertisement that claims a certain piece of clothing will cause the player's avatar to become invisible. The clothing is instead simply transparent, which does not create an invisible avatar. If no preview is seen in the catalog for the item, the perpetrator may claim that the image is "broken" when in reality the image has been rejected by moderators.
  • Save 10% scam: The perpetrator will tell players to visit their game, claiming that purchasing any item from their game will save the player 10%. However, buying from those games will, in fact, give the owner of the game, the perpetrator, 10% of the price, and you will still have to pay the full price.
  • Color-changing shirt scam: Similar to the "invisible" shirt scam, a user publishes clothing and claims that it's a GIF and changes color in any game. However, the clothing is simply nothing, which is why it doesn't load online. There are videos claiming that the clothing works which were edited using a green screen and some errors can be seen in some moments. This scam should not be confused with clothing that is partially transparent and changes color based on the avatar's skin color. The description may say "The reason it doesn't load because it's a GIF". It's actually because the clothing is moderated.
  • Admin gamepass scam: This type of scam is often seen in roleplaying games. The victim will usually be misled into thinking that purchasing the game pass will allow them to use many admin commands from a command script in the game. In reality, the game pass will only grant a limited amount of commands that can only be used on the victim's self which are also called VIP Admin. These game passes usually receive many dislikes.
  • Cheaper game products scam: The perpetrator sells game passes promising a usually valuable product in another game at a cheaper Robux price, such as a ridable, flyable neon Legendary pet in Adopt Me!. Often these games are not connected to the other game and thus give nothing, wasting the buyer's Robux.

Phishing scams

These scams take place when a user gives their sensitive information to a seemingly-legitimate service, only to receive malicious results. The damage ranges from losing Robux, to account compromise, and to malware infections. Phishing scams are very common and are often targeted towards new or young users who have not made purchases on their account, as Robux and Premium are desired by many players but cost money that they may not want to spend or cannot afford.

In most cases, once a user is phished, their account is added to a botnet with which the thief uses in order to spread more scams. This, in turn, may result in the victim's account being terminated if it is reported for spreading these scams.

If Roblox+ is enabled, when directed to a known phishing site, extension, etc., the extension will automatically close the tab with the phishing URL.

  • Login info via Roblox messages: The scammer messages a user and asks for their username and password in return for Robux or services, such as Premium. This can result in account loss. In 2016, this scam became more common and was often done by sending a message to the player while playing a front-page game. After you enter your credentials, it's sent to the owner, and logs in to you account and hacks it. After the victim is scammed, the victim's account is then used by the scammer to scam others.
  • Fearmongering: The scammer, pretending to be an official Roblox associate, messages a user and asks them if they are the rightful owner of their account, citing an apparent increase in the user's account value and claiming they have already messaged another user who failed to provide 'proof' and had their account terminated. If the user ends up giving an explanation, the scammer will ask them to contact them on an offsite program or URL, after which the end result would be the victim's account being phished or hijacked. Typically this happens because the scammer asks the victim to send an image of their password reset email with the link visible, or is asked to use Inspect Element in order to extract their .ROBLOSECURITY cookie and send it to the scammer. This scam is mainly aimed at users who have a high average value of limited items in their inventories.
  • Login info via friend request: The scammer follows and sends a friend request to the user with usernames that persuades the user to click on their profile. The perpetrator's profile description contains an offsite link that will prompt the victim to input their login information, usually for a 'reward' of Premium or Robux. This scam is more effective than Roblox messages alone since users can limit the number of people who can message them.
  • Login info via email: The scammer leaves comments asking for users to give account information to an email address, listing false reasons that can seem convincing to a newbie Roblox user.
  • Login info via exploits: The scammer leaves comments directing users to a link that gives an exploit tool for the Roblox client, which will then ask for login info.
  • Malicious programs: The perpetrator directs users to a link that downloads an executable program (.exe), often advertised as "hacks" or "exploits" onto the user's computer. When executed, the program injects malicious code into the system to gain information and provide complete control of the user's desktop. This not only compromises a user's Roblox account but their entire computer. This can include banking information, several passwords, document information, and might destroy Windows Installation. Antivirus programs, such as Avast and Bitdefender, will try to quarantine the executable program a user has downloaded. Users should never download files (especially .exe files) from unknown sources.
    • Recent executable files have also been known to log .ROBLOSECURITY cookies. Because the program only takes cookies and directs them towards a webhook, antivirus applications fail to find its intentions malicious, resulting in accounts being stolen and sold frequently.
  • .ROBLOSECURITY scam: The perpetrator convinces a user that the .ROBLOSECURITY cookie must be given to them. Read this article for more information on the .ROBLOSECURITY cookie.
  • AuthTicket scam: Similar to the .ROBLOSECURITY scam, the perpetrator gains access to a user's AuthTicket, required to join games and authenticate your user. If they were to get this, they could join games under a player's username with a simple batch command and buy in-game purchases without their knowledge. ROBLOX+, a Google Chrome extension, warns players when they input the AuthTicket link.
  • Fake websites: These fake websites have a login form and a domain name that looks very realistic but is fake and claims to give a fake reward that needs to be posted on several games. This just steals a user's log-in information and promotes the scam using the stolen account.
  • Fake Browser extensions: After Roblox disabled comments on games and items, attackers created fake extensions that look legitimate, but after it is installed they steal a player's .ROBLOSECURITY cookie and their AuthTicket, and the extension will post the info to a web server or private chat channel.
  • Botted Roblox Places: A Roblox place that tells the user to go to an offsite link that claims to give out free Robux or Premium, botted with bot accounts in the thousands in order to get the game on the front page, and sometimes botting likes. These games are usually taken down very quickly.
  • Roblox-related advertisements: These advertisements promise things such as free Robux or Premium. They may redirect to another YouTube channel or a phishing site.
  • Login info via chat: What it means is that a bot sends the player the friend request. If it gets accepted, they'll say scam messages. An example of this (Notice it was actually censored due to Roblox filter)​​​​​​
  • Group Wall Post Scams: In some groups where the group wall is not really active, scam bots will raid the wall with scam messages which appear to be the same. Some groups make it so only higher ranks can post, to prevent bots (who don't promote themselves on groups) from scamming.
  • Phishing GUI: Commonly found in fake "Free Robux" games, a realistic-looking GUI posing as a login screen or error will prompt the player to input their login information. The victim's login information will then be stolen.
  • Free item scam: A user receives messages from friends or other random users saying "hey, if you use the code "(fake code)" on (scam website), you get a free (valuable item)". Visiting the site, users are shown a login screen similar to that of Roblox's official login site. If the user enters their username and password, their account will soon be hijacked and looted for its Robux and/or limited items. It will also then be used to spread the scam further. See this video for more info.
  • Guilt Scam: Commonly happens in large Discord servers with RoVer. They will pick a random person from the server who has their Roblox name as a nickname because of RoVer, then say that they lost that friend by accidentally deleting them, then claim that the account was hacked. Once the user friends them on Discord, they join a game. The scammer fools the victim by pretending to go on the website and randomly being logged out. They then claim that they were the victim of an account trading scam. They then guilt the user into giving them their password to "share the account". They claim they won't touch anything. Once the victim gives their password through Discord, the scammer unfriends them and steals the account. These scams can usually be as long as 3 hours!
  • YouTube Channel Name Scam: Found on YouTube. A channel, usually titled as: "Hi, I'm [name] if you don't mind check out my video" comments on a page. Most of these scam channels were made in 2006, clearly indicating they're hijacked. Those channels have only one video, which is a phishing one as you might already guess.
  • .HAR file scam: The scammer would contact someone (usually via Discord) to convince the user to create a .HAR (HTTP Archive File) file for the Roblox website to do something for the scammer. In reality, the created HAR file for the website contains all of the user's cookies and let the scammer gain access into the account via the user's .ROBLOSECURITY cookie.
  • Spam Click Purchase Scam: This is a Scam where you spam click a button and while clicking a purchase GUI appears in the spot that you are clicking. Since you are clicking so fast you can't react in time to stop the transaction and end up buying an item, usually a poorly made shirt for a 15-100 robux price. These scams are irreversible since you can't undo a purchase and are a problem for anyone with over 5 robux.
  • I'm Making A Game/GFX Scam: This scam is where your friend or an old account will message you saying "hi dude. I'm making a game and I want to put your avatar in it, can you send me a decal of your character?" If you send them the link of the decal of your character through text, the scammer will use that link to hack your account. The scam uses some form of javascript to access the victim's account. There is another version of this that asks for the same thing but the message is about a graphic art commission.
  • You Scammed Me Scam: This scam started in September 2020, where you will get a private message from a bot. The message follows the format of "You Scammed (friend or family member), LOL" (sometimes "LOL, NICE TRY"). The message body will say "Everyone knows what you did that day, it's everywhere. All your info in the video too. Emailed ROBLOX btw. Next time, try to keep it lowkey, there is a whole GIF of you doing it LOL, enjoy all ur info leaked". The message would then have a link for people to copy and paste into the search engine browser, with the instruction to remove the space between . and com. This scam redirects users to a phising site to where the "evidence" is, which then steals your Roblox account, and can put other accounts such as your Microsoft, Discord, Facebook, Twitter, Apple, Google, Amazon, and others at risk (if you register the same email for the accounts). These scams also say they have a video having all your personal information on the site with the GIF/video. Other message headers can be "WE'RE COMING FOR YOU, SCAMMER" and "DID YOU REALLY JUST SCAM MY COUSIN LOL"
  • Profile link scam: This scam started in October 2020. It starts with a user getting sent a link through a private message on Discord that looks like a ‘link’ to the user's profile on ROBLOX, while it's actually a site that logs your cookies.
  • Hiring Testers scam: This scam started in May 2020. It starts with a user getting sent a message by someone. This message will tell you that testers are needed for their game and that they're willing to pay those testers and for people to be testers for their game, they need to press a link. If the player presses that link, their Roblox security will be revealed to people doing the scamming. Also most of these scam targets are older players who just started playing Roblox again.

"Soft Scams"

These scams aren't as severe as other scams, and only waste people's time.

  • Teleport places: Teleport places are a type of scam where victims are teleported to another place to gain place visits and formerly Tickets, supposedly to be cashed out for Robux. This does not harm one's account, but is believed to make it look like the place where players are teleported to is the actual place itself. Some places will also use a custom teleport GUI and a black overlay to make it look like the place is still loading.
  • Livestreams: Fake YouTube live streams are set up and promise viewers free Robux. The live stream might have bots as moderators and people listening to attract more viewers and might loop fake videos of them giving Robux out to someone. In some instances, they may include links to harmful websites. Also, they sometimes have a word filter which mutes anyone who says that the live stream is fake. They may also tell you to stay in the stream for a while to get points and join their group and may use old clips.
  • Finish for a surprise: Often seen in bait-and-switch obbies, the perpetrator will put text in the game that says "FINISH FOR A SURPRISE!" or "FINISH FOR A FREE ITEM!" However, when the player finishes the game, they are teleported to another similar bait-and-switch game or receive nothing, therefore wasting your time, or say finish again for cool gear/Robux/Premium. Or, it would link you to a tycoon.
  • Only 1% have ever beaten this game: Similar to the "Finish for a surprise" scam, the perpetrator will put text that says "ONLY 1% HAVE EVER BEATEN THIS GAME!" or "NO-ONE HAS EVER BEATEN THIS GAME!" However some of these games do not teleport you to other places, they just encourage you to "Play again for a free gear" or to buy their game passes. These types of games try to make players buy things at any given opportunity, for example having huge signs that say "SALE" over them, or "LIMITED TIME".
  • There is a crazy glitch at my place: These scams are the first ones, in this case, they absolutely do nothing about it, it's just a normal place. They were mostly used to make the perpetrator to gain 1 ticket via a place visit
  • Spam Comments: Players will ask to copy and paste a certain message on a number of items in order to win something.
  • Meme Games: Certain games that copy the description and thumbnails. But when the games are played, the user will be presented with image spam. Most notably, Stickbug, Henry Stickmin Distraction Dance, Rickroll, etc..

Scam bots

Example of a scam bot.

Free Robux scam in game.

Do not visit links that claim to give free Robux!

An example of a scammer's profile page.

The 2017 girl scambots, who have been recently making a resurgence in September 2020.

A scam bot is a common nickname used to describe automated accounts that spread messages attempting to lure players to unsafe websites in order to steal their Roblox credentials or other valuable information for their owners' personal uses. It is highly recommended to ignore these accounts' requests and/or report them instead. A scam bot may message you if you have messages opened for anyone, and they tend to say things such as "Go to [Scam site here] for free robux". WARNING: DO NOT GO TO THESE WEBSITES. In fact most recently (as of 1/4/21) there have been more scams in game. A scam bot may follow users if their messages are open only to follows and friends.

These types of bots have been around on Roblox for years, however certain economy-related changes such as the removal of Tickets have been a catalyst for their rapid rise in recent times. In 2017, a default girl user bot had been sending messages or friend requests to random people. Their blurb usually says "I m a girl and i love playing roblox and I m looking to make friends ;)".

Between 2017 and 2018, they often followed a very basic avatar style and were also seen wearing free items such as The Bird Says and some random T-shirts. For a brief period in 2018, they used the default sign-up appearance, but soon after began to wear clothing in the style of the official ROBLOX account. In 2019, they have used the appearance of accounts stolen through a phishing method if a user accessed a scam site posted by a scam bot.

Aside from posting comments, some scam bots are also able to follow and send friend requests to mass amounts of players in order to extend their reach and get the player to go to their site, and they may occasionally join random free-to-play game servers to send a scam message in the game's chat before leaving a few seconds afterward. On popular front page games such as Jailbreak or Adopt Me!, they will quickly join and leave after posting a scam message such as "I just got tons of Robux by visiting [scam site]!", or something else to get more victims.

Example of a scam bot in group.

Initiatives by Roblox to lessen the impact of scam bots were put into place, such as forcing all users to complete a CAPTCHA before signing up or posting on group walls. The current captcha is not helping to prevent these bots from being created and no one has seen these bots pass a reCaptcha test.

Between 2018 and 2019, scam bots were more actively seen on third party sites, such as Discord and YouTube (where both videos and ads were mass uploaded), as a method to avoid Roblox moderation. These bots appear to have slowly stopped appearing and many are being banned by YouTube and Discord on their respective platforms.

The scam bot as seen in Build a Boat.

From mid-2020 to the present, scam bots are getting more realistic, acting more like an actual player on Roblox. They do this by doing multiple lines, which can be often made to seem like it is actually real when in reality, it is really a scam bot. They will act like a real player saying some stuff related to the scam, and then they will actually say the link. Chatbots are bots that visit 3/4 places, leave spam related to the scam then leave, and they are very similar to scam bots. They are very common as of 2020. Lespcats/Accobests are bots that seem to be advertising the same exact scam site that frequently changes its name.[citation needed]

Types of scam bots

  • Pretender Bot - This variant of a scam bot will type out a randomly generated message, spam spaces, then type out more text starting with "{System}:" or "[ROBLOX]:" and then will announce a scam website or promote one, depending on what is used, then quickly leave the game, Sometimes they will still stay and type random generate message. The only way to detect it is to look at the message above. If the username has gibberish letters such as "YsJ9SvwOxzF" and they chat out a suspicious site claiming to receive free Robux, do not visit it. They also had started claiming that the user's friend visited the scamsite and earned free Robux or claiming that a player visited the site. This bot is the most common a player will encounter, and currently are the most problematic, as they had evolved into the hard to report bots. Another type of scam bot is to look out for a message that is similar to "Those bots are giving out scam sites, check out (scam site) to earn free robux!"
  • Catbots - These bots will go into games and will spam flood the chat. Their username will appear as "catbot_{example}"
  • Accobests - The bots that raid games for three to four times. Their username will appear as "accobest_{example}"
  • Group Bot - They ask you to get Robux on a scam site or go to a fake game on a group.
  • YouTube bot - They are on videos that revolve around the YouTuber talking about Robux, playing Robux scam games, etc. Some examples. (DO NOT GO TO THE LINKS THEY SAY.)
  • Clear Girl bots - They will try to friend you and their name will be something like cleargirl_(a random girl name) and if you accept their request they will keep chatting you scam sites in your friend messages.
  • Trump Bots - These are new kind of bots that say to vote for someone. Their name will say something like "Trump2020_7566366" They usually get terminated very fast, and some have disabled account creation.
  • Spam Bots - These bots are self explanatory, They flood old group walls and in-game chat with free robux scams.
  • Follow Bots - People's follower list is flooded with these. They usually have names as "cHE3kMYPr0fIle652545553". They usually get terminated very fast.

Scam Spamming

If a player is scammed

If a user suspects they have given their password to a phishing site, they should immediately change their password, log out of other sessions, and enable 2-step verification for extra protection. If a user has downloaded phishing software, they must uninstall the software immediately, erase any cookie loggers, run a full antivirus scan, change their password, and create a new .ROBLOSECURITY cookie. Otherwise, the account could be used as a scam bot to spread it.

If it is the first time their account has been compromised, the user can contact Roblox Support within 30 days of the compromise for recovery of lost Robux and inventory.

Avoiding scams

Roblox's official advice on dealing with and avoiding scams.

Players:

  • Avoid game passes in bait and switch games. They are mostly game passes that last until the player resets or leaves the game, thus tempting the player to purchase them again if they want to continue using it each time.
    • If an item seems very powerful, costs a lot and is a product, avoid it at all costs.
  • When buying shirts, pants, or T-shirts, users are encouraged to look for [ Content Deleted ] in the item's description. This is an indicator that the item has violated Roblox's Terms of Use, so it is best to avoid buying those.
  • If no or little users have bought a VIP shirt or a game pass, users are encouraged to avoid purchasing it until more users have done so.
  • If the item's comments are not disabled, read them to see if any other users say whether the item is legitimate or not. Note that the perpetrator may have made alternate accounts (or hacked into others and turned the said accounts into spambots) to promote the said scam, so check for accounts that claim it's a scam.
  • To prevent falling victim to portrait scams, check the scammer's inventory for any stolen artwork. In addition, a user can check to see if the total amount of drawings in the seller's inventory is fairly close to the total number of "get drawn" assets sold; any huge discrepancies in the total number of people drawn and assets sold hints towards a portrait scam.
  • Some scammers have their names listed on alternative accounts' descriptions stating they are scammers. While this is not always the case, if there are a large amount of these accounts, this is something to be wary of; try avoiding these users. The only way to ban scammers is to poison ban the scammers. This terminates the bot, and disables account creation. The bot's associated accounts are also terminated.
  • Avoid programs and websites not created by the Roblox developers that ask for login information. Similarly, avoid downloading unknown/unfamiliar files (particularly .exe programs), and never run any program with admin privileges unless they can be verified as legitimate.
  • If someone asks the user to send them specific lines of code from their browser or client, they are strongly advised to not follow through as certain snippets of code can be used to get into the user's account, such as the.ROBLOSECURITY cookie.
  • Avoid "free" Premium and Robux comments. Roblox does not promote free shortcuts to paid services.
  • Avoid YouTube videos that ask players to subscribe in order to get free Robux. These are always fake and often are made to get subscribers. The same can be said for Twitter accounts who claim to do so too.
  • Avoid any game that uses the name "Robux", "Robucks", or anything similar, and have the Roblox logo or the Robux icon as a picture, especially if they have more players "playing" than "visits"; these places are most likely scams.
  • In general, if something seems too good to be true, it most likely is. Users are encouraged to not let their personal desires be easily manipulated, as most scammers often rely on victims making impulsive decisions after seeing or hearing about something they want.
  • Specific to the Profile Link Scams, check EVERY character of the link to be sure it is a ROBLOX link. Some links use wwv instead of www, or roblox-web instead of roblox. A normal profile link would look like this: https://www.roblox.com/users/USERID/profile (with "USERID" being the player's ID)
  • You can easily determine a bot if it uses free items, has an unoriginal/repeatable username, joins the game and immediately says something that has caps and/or emojis.
  • If someone claims to be an administrator, first ask them which one. They will most likely say ROBLOX, although that is a shared account, builderman, or david.baszucki. Next, check their profile for the badge. If they do not have it, they may claim they are using an alternate account, though there is no reason for this and they are likely lying.

Developers:

  • Developers can implement this script by callmehbob that blocks the scambot's message that appears like it never existed, but add common links like those starting with "blox" to the blacklist under BadWords.
  • Developers can also create scripts that either prevent users from chatting until they are in game for a certain amount of time.
  • Or make a script that requires the account to be a certain amount of days old (30 days recommended).

Gallery

Community content is available under CC-BY-SA unless otherwise noted.