A scam is an attempt to trick a person into giving away their valuables and/or personal information to the perpetrator for any purposes that would be harmful to the victim. The primary motive for scamming is personal gain, but in any case, it is a malicious act.
Scamming is considered to be a very widespread issue on Roblox. The admins have attempted to stop the most common scams by disabling comments on games, badges and game passes. However, developers can still enable/disable comments on clothing, Library assets and UGC items. Additionally, games where the exchanging of items are frequent such as in Murder Mystery 2, as well as official exchange systems between Roblox players such as the Trade System are very liable to scams.
The following are common scams that involve Robux, via some form of on-site transaction, although they do not involve any phishing. These types of scams often cause the victim to lose substantial amounts of Robux, although the Robux may be recovered by contacting
- Classic defrauding: The perpetrator advertises a service or product for a fixed fee, usually sold through T-shirts.
- T-shirt scams: The perpetrator publishes a T-shirt with a name such as "Admin for Reason 2 Die" or "Mod for Twisted Murderer". Often sold for a low price, (rarely higher than 500 Robux) these T-shirts advertise some kind of privilege or service in a popular game. These shirts do not follow through with their advertised service. This trend has since declined due to the release of the Game Pass system, which eliminated the need for game creators to distribute additional game privileges through VIP T-shirts.
- Drawn portrait scam: A common example of defrauding, the perpetrator runs a series of advertisements on the site and advertises that the victim can "get drawn" for a fixed fee, through the purchase of an item. Once the victim purchases the item, the perpetrator refuses to follow through with the drawing and may block the victim to prevent further contact. Many of these items have since been deleted by moderators, although some can still be found on the website. This scam has since dwindled as moderators continue to remove these items from the catalog.
- Fake game passes: The perpetrator sells a game pass that advertises special in-game features for the player. However, the promised features are simply not given once a user purchases the game pass. These types of scams were created by jaredvaldez4.
- Product scam: The perpetrator sells in-game powerups or items. However, they are sold as developer products, which, unlike Game Passes, are not stored in the player's inventory, which allow them to purchase the item multiple times. If the player leaves the game, they will have to purchase the items again. This is commonly found in bait and switch games.
- "Invisible" shirt scam: A user publishes an advertisement that claims a certain piece of clothing will cause the player's avatar to become invisible. The clothing is instead simply transparent, which does not create an invisible avatar. If no preview is seen in the catalog for the item, the perpetrator may claim that the image is "broken" when in reality the image has been rejected by moderators.
- Save 10% scam: The perpetrator will tell players to visit their game, claiming that purchasing any item from their game will save the player 10%. However, buying from those games will, in fact, give the owner of the game, the perpetrator, 10% of the price, and you will still have to pay the full price.
- Color-changing shirt scam: A user publishes clothing and claims that it's a GIF and changes color in any game. However, the clothing is simply nothing, which is why it doesn't load online. There are videos claiming that the clothing works which were edited using a green screen and some errors can be seen in some moments. This scam should not be confused with clothing that is partially transparent and changes color based on the avatar's skin color.
- Free Robux scams: The perpetrator promises the victim free Robux as long as they enter their information into a site. Once the user enters the information, the player's account will be stolen.
- Admin gamepass scam: This type of scam is often seen in roleplaying games. The victim will usually be misled into thinking that purchasing the gamepass will allow them to use many admin commands from a command script in the game. In reality, the gamepass will only grant a limited amount of commands that can only be used on the victim's self. These gamepasses usually receive many dislikes.
These scams take place when a user gives their sensitive information to a seemingly-legitimate service, only to receive malicious results. The damage ranges from losing Robux, to account compromise, and to malware infections. Phishing scams are very common and are often targeted towards new or young users who have not made purchases on their account, as Robux and Premium are desired by many players but cost money that they may not want to spend or cannot afford.
In most cases, once a user is phished, their account is added to a botnet with which the thief uses in order to spread more scams. This, in turn, may result in the victim's account being terminated if it is reported for spreading these scams.
If Roblox+ is enabled, when directed to a known phishing site, extension, etc., the extension will automatically close the tab with the phishing URL.
- Login info via Roblox messages: The scammer messages a user and asks for his/her username and password in return for Robux or services, such as Premium. This can result in account loss. In 2016, this scam became more common and was often done by sending a message to the player while playing a front page game. After the victim is scammed, the victim's account is then used by the scammer to scam others.
- Fearmongering: The scammer messages a user and asks them if they are the rightful owner of their account, citing an apparent increase in the user's account value and claiming they have already messaged another user who failed to provide 'proof' and had their account terminated. If the user ends up giving an explanation, the scammer will ask them to contact them on an offsite program or URL, after which the end result would be the victim's account being phished or hijacked, usually because the scammer asks the victim to send an image of their password reset email with the link shown or is asked to use Inspect Element in order to extract their .ROBLOSECURITY cookie and send it to the scammer. This scam is mainly aimed towards those who have a high average value of limited items in their account.
- Login info via friend request: The scammer follows and sends a friend request to the user with usernames that persuades the user to click on his/her profile. The perpetrator's profile description contains an offsite link that will prompt the victim to input his/her login information, usually for a 'reward' of Premium or Robux. This scam is more effective than Roblox messages alone since users can limit the number of people who can message them.
- Login info via email: The scammer leaves comments asking for users to give account information to an email address, listing false reasons that can seem convincing to a newbie Roblox user.
- Login info via exploits: The scammer leaves comments directing users to a link that gives an exploit tool for the Roblox client, which will then ask for login info.
- Malicious programs: The perpetrator directs users to a link that downloads an executable program (.exe), often advertised as "hacks" or "exploits" onto the user's computer. When executed, the program injects malicious code into the system to gain information and provide complete control of the user's desktop. This not only compromises a user's Roblox account but their entire computer. This can include banking information, several passwords, document information, and might destroy Windows Installation. Antivirus programs, such as Avast and Bitdefender, will try to quarantine the executable program a user has downloaded. Users should never download files (especially .exe files) from unknown sources.
- Recent executable files have also been known to log .ROBLOSECURITY cookies. Because the program only takes cookies and directs them towards a webhook, antivirus applications fail to find its intentions malicious, resulting in accounts being stolen and sold frequently.
- .ROBLOSECURITY scam: The perpetrator convinces a user that the .ROBLOSECURITY cookie must be given to them. Read this article for more information on the .ROBLOSECURITY cookie.
- AuthTicket scam: Similar to the .ROBLOSECURITY scam, the perpetrator gains access to a user's AuthTicket, required to join games and authenticate your user. If they were to get this, they could join games under a player's username with a simple batch command and buy in-game purchases without their knowledge. ROBLOX+, a Google Chrome extension, warns players when they input the AuthTicket link.
- Fake websites: These fake websites have a login form and a domain name that looks very realistic but is fake and claims to give a fake reward that needs to be posted on several games. This just steals a user's log-in information and promotes the scam using the stolen account.
- Fake Browser extensions: After Roblox disabled comments on games and items, attackers created fake extensions that look legitimate, but after it is installed they steal a player's .ROBLOSECURITY cookie and their AuthTicket, and the extension will post the info to a web server or private chat channel.
- Botted Roblox Places: A Roblox place that tells the user to go to an offsite link that claims to give out free Robux or Premium, botted with bot accounts in the thousands in order to the get the game on the front page, and sometimes botting likes. These games are usually taken down very quickly.
- Roblox-related advertisements: These advertisements promise things such as free Robux or Premium. They may redirect to another YouTube channel or a phishing site.
- Login info via chat: What it means is that a bot sends the player the friend request. If it gets accepted, they'll say scam messages. An example of this (notice it was actually censored due to roblox filter)
- Group Wall Post Scams: In some groups where the group wall is not really active, scam bots will raid the wall with scam messages which appear to be the same.
- Phishing GUI: Commonly found in fake "Free Robux" games, a realistic-looking GUI posing as a login screen or error will prompt the player to input their login information. The victim's login information will then be stolen.
- Free item scam:: A user receive messages from friends or other random users saying "hey, if you use the code "(fake code)" on (scam website), you get a free (valuable item)". Visiting the site, users are shown a login screen similar to that of Roblox's official login site. If the user enters their username and password, their account will soon be hijacked and looted for its Robux and/or limited items. It will also then be used to spread the scam further. See this video for more info.
These scams don't directly harm the victim in any way, other than wasting their time.
- Teleport places: Teleport places are a type of scam where victims are teleported to another place to gain place visits and formerly Tickets, supposedly to be cashed out for Robux. This does not harm one's account, but is believed to make it look like the place where players are teleported to is the actual place itself. Some places will also use a custom teleport GUI and a black overlay to make it look like the place is still loading.
- Livestreams: Fake YouTube live streams are set up and promise listeners free Robux. The live stream might have bots as moderators and people listening to attract more viewers and might loop fake videos of them giving Robux out to someone. In some instances, they may include links to harmful websites. Also, they sometimes have a word filter which mutes anyone who says that the live stream is fake.
- Finish for a surprise: Often seen in bait-and-switch obbies, the perpetrator will put text in the game that says "FINISH FOR A SURPRISE!" However, when the player finishes the game, they are teleported to another similar bait-and-switch game.
Scam botsDo not visit links posted by a scam bot!
A scam bot is a common nickname used to describe automated accounts that spread messages attempting to lure players to unsafe websites in order to steal their Roblox credentials or other valuable information for their owners' personal uses. It is highly recommended to ignore these accounts' requests and/or report them instead.
These types of bots have been around on Roblox for years, however certain economy-related changes such as the removal of Tickets have been a catalyst for their rapid rise in recent times. Between 2017 and 2018, they often followed a very basic avatar style, and were also seen wearing free items such as The Bird Says and some random T-shirts. For a brief period in 2018, they used the default sign-up appearance, but soon after began to wear clothing in the style of the official ROBLOX account. In 2019, they have used the appearance of accounts stolen through a phishing method if a user accessed a scam site posted by a scam bot.
Aside from posting comments, some scam bots are also able to follow and send friend requests to mass amounts of players in order to extend their reach and get the player to go to their site, and they may occasionally join random free-to-play game servers to send a scam message in the game's chat before leaving a few seconds afterward. On popular front page games such as Jailbreak or Adopt Me!, they will quickly join and leave after posting a scam message such as "I just got tons of Robux by visiting [scam site]!".
Between 2018 and 2019, scam bots were more actively seen on third party sites, such as Discord and YouTube (where both videos and ads were mass uploaded), as a method to avoid Roblox moderation. These bots appear to have slowly stopped appearing and many are being banned by YouTube and Discord on their respective platforms.
If a player is scammed
If a user suspects they have given their password to a phishing site, they should immediately change their password, log out of other sessions, and enable 2-step verification for extra protection. If a user has downloaded phishing software, they must uninstall the software immediately, erase any cookie loggers, run a full antivirus scan, change their password, and create a new.ROBLOSECURITY cookie. Otherwise, the account could be used as a scam bot to spread it.
- Avoid game passes in bait and switch games. They are mostly game passes that last until you reset or leave the game, which will try to get you to waste a lot of money on the game.
- When buying shirts, pants or T-shirts, users are encouraged to look for [ Content Deleted ] in the item's description. This is an indicator that the item has violated Roblox's Terms of Service, so it is best to avoid buying those.
- If no or little users have bought a VIP shirt or a gamepass, users are encouraged to avoid purchasing it until more users have done so.
- If the item's comments are not disabled, read them to see if any other users say whether the item is legitimate or not. Note that the perpetrator may have made alternate accounts (or hacked into others and turned the said accounts into spam bots) to promote the said scam, so check for accounts that claim it's a scam.
- To prevent falling victim to portrait scams, check the scammer's inventory for any stolen artwork. In addition, a user can check to see if the total amount of drawings in the seller's inventory is fairly close to the total number of "get drawn" assets sold; any huge discrepancies in the total number of people drawn and assets sold hints towards a portrait scam.
- Some scammers have their names listed on alternative accounts' descriptions stating they are scammers. While this is not always the case, if there are a large amount of these accounts, this is something to be wary of; try avoiding these users.
- Avoid programs and websites not created by the Roblox developers that ask for login information. Similarly, avoid downloading files (particularly .exe programs) that you do not know the source of, and never run any program with admin privileges unless you are 100% sure it's legitimate.
- If someone asks the user to send them specific lines of code from their browser or client, they are strongly advised to not follow through as certain snippets of code can be used to get into the user's account, such as the.ROBLOSECURITY cookie.
- Avoid "free" Premium and Robux comments. Roblox does not promote free shortcuts to paid services.
- Avoid YouTube videos that ask players to subscribe in order to get free Robux. These are always fake and often are made to get subscribers. The same can be said for Twitter accounts who claim to do so too.
- Avoid any game that uses the name "Robux", "Robucks", or anything similar, and have the Roblox logo or the Robux icon as a picture, especially if they have more players "playing" than "visits"; these places are most likely scams.
- If something seems too good to be true, it means it is.
A collection of images related to this article can be viewed on the following page: Scam/Gallery