Scams refer to an event or action in which one or more users attempt to defraud and deceive other users of their virtual currency, items, accounts, or even control of their computer (via Malware) by pretending to offer items, Builders Club membership, Robux, or other services and products that would benefit the target user. Scams have increased in number ever since the removal of tickets.
Virtual currency scams
The following are common scams that involve the virtual currency, ROBUX. Often the victims lose substantial amounts of ROBUX, although the ROBUX may be recovered by contacting firstname.lastname@example.org.
- "Administrator" Scams: The perpetrator publishes a t-shirt with a name such as "Admin for Reason 2 Die" or "Mod for Twisted Murderer". Often sold for a low price, these t-shirts advertise some kind of privilege or service in a popular game. These shirts do not follow through with their advertised service. This has since disappeared due to the advent of the Game Pass, which eliminated the need for game creators to distribute additional game privileges through VIP shirts.
- Classic Defrauding: The perpetrator advertises a service or product for a fixed fee, usually sold on T-Shirts.
- Drawn Portrait Scam: A common example of defrauding, the perpetrator runs a series of advertisements on the site and advertises that the victim can be drawn for a fixed fee. Once the victim purchases the item, the perpetrator refuses to follow through with the drawing and may block the victim to prevent further contact
- Fake Game Passes: The perpetrator sells a game pass that advertises special in-game features for the player. No additional features are given once a user purchases a game pass.
- Copied Clothing: The perpetrator steals popular clothing sold for a low price, adds "ORIGINAL" or "90% OFF" to name and sells it for a higher price. Many new players fall for this, making original shirt get fewer sales and the perpetrator more ROBUX.
- Game-Pass Scam: The perpetrator sells game passes for incredibly expensive prices in a game. But when the player quits the game or resets their character while playing. They lose what they pay for and have to pay for the game pass again to get the item back. This is often found in Bait and Switch games.
- Click Me Scam: ClickMe and DontClickMe accounts are a group of spam bots that are programmed to send you friend requests and follow you then immediately message you about a website that awards the player robux but in reality, those websites are scams or viruses. The website URL changes most of the time. The players that have created those accounts were never identified, though they might be heavily experienced hackers due to the severely large amount of ClickMe and DontClickMe accounts that the unknown hackers have produced, but however, since mid 2017, almost all of these accounts have been terminated.
2017 Group Wall Scam
Upon mid-2017, the Group Wall Scam was caused by random spam bots spamming unique and different messages saying they got ROBUX from a ROBUX site (which is clearly a scam). The messages are different and even though they said they got ROBUX, they are the typical looking avatars you get when creating a male account for the first time, This scam also affected the comment sections of various badges. Earlier in 2017, the bots were posting messages that led to a YouTube video. (i.e. video exposing owner). Some players even think these bots are connected to the Bot Crisis Scam of 2016-2017. The users that caused this event have never been identified as there are currently no suspects as of today.
2016-2017 Bot Crisis scam
During the years of 2016 and 2017, the great bot crisis was caused by masses upon masses of bots swarming the ROBLOX forums and being used as friend request scams, this causes mass panic. And very sloppy updates from RBXDev who got extreme hate towards them and even more hate towards ROBLOX itself, resulting in a petition with over ten thousand signatures to revert an update that was ineffective in stopping the bot advance through the forums. Players will put their ROBLOX password into scam websites, giving people the account and being able to turn the account into a spambot. Like the 2017 Group Wall Scam, the users that caused this event have never been identified as there are currently no suspects as of today, but they're likely the same users that caused the 2017 Group Wall Scam. Some people think the clickbait Youtuber Kazok was behind this.
Users should contact
email@example.com if they are scammed. They should include evidence, or ROBLOX can't refund them. Such evidence can be in the form of a screenshot and the scammer's username; it is recommended to screenshot any purchases that seem sketchy or risky.
Robux generators are types of scams that are supposedly meant to be a way to get robux by typing in an amount of Robux that will then come straight into the user'sROBLOX account.
- Offer to end Robux generators are a type of Robux generator that doesn't steal your account info(only asking for your username). These sometimes have a command prompt like a window to make it look like they're giving you free robux but they aren't, it's just a GUI. They end with something that claims to be anti-spam but this is unneeded because it's not antispam, the choices of these "anti-spam"(offer) GUIs are mostly related to winning free gift cards(gift card lotteries) which are mostly scams.
- Phishing Robux Generators are a type of robux generator that asks for your password and username(stealing your account)"to get free robux."
Inspect Element Generators are another type of generator, mostly created by Youtubers to get subs, they use Inspect Element to brainwash kids into thinking they're hacking when they aren't. They gain subs by putting Subs Only marks on the fake free robux buttons or just claiming that it only works for subs which are false.
This act takes place when a user initiates a service or product, and in turn leads to malicious results. The most harmful scams and attacks are phishing scams, and depending on the severity, one can lose access to their entire computer if they are not cautious enough. These scams may lead to a release of personal or sensitive information.
These scams do variable damage, ranging from losing ROBUX to becoming a victim of malware. It is always recommended to never fall for these scams.
- Login info via ROBLOX messages: The scammer messages a user and asks his/her username and password in return for ROBUX or services, such as Builders Club. This can result in account loss. In 2016, the scam became more common and heavily targeted by sending a message to the player while playing a front page game.
- Login info via friend request: The scammer follows and sends a friend request to the user with usernames that persuades the user to click on his/her profile. The perpetrator's profile description contains an offsite link that will prompt the victim to input his/her login information, usually for a reward of Builders Club or ROBUX. This scam is more effective than ROBLOX messages alone since people can limit the people who can message to him/her.
- Login info via survey: The scammer leaves comments asking for users to participate in a survey to get a special offer from ROBLOX. This will expose their username to the scammer and therefore lose their account.
- Login info via E-Mail: The scammer leaves comments asking for users to give account information to an email address, listing false reasons that seem convincing to a newbie ROBLOX user. A variant exists in comments.
- Login info via "Exploits": The scammer leaves comments directing users to a link that gives an exploit tool for the ROBLOX client, which will then ask for login info.
- Login info via in-game GUIs: Using customized GUIs, (MGUIS) a player might be tricked into thinking the "login page" is real and enter the login info for their account in exchange for a prize. This may include ROBUX, free BC, etc. After you enter your information, it may ban you from the game and your login credentials will be sent to a private chat via a discord webhook.
- Fake maintenance message: Appearing in places, this type of phishing scam commonly appears in Bait and Switch places. It appears as a maintenance message telling the user that they must log back in. Doing so feeds the perpetrator the victim's account information. Administrators will never send maintenance inside of a ROBLOX game window.
- Malware: The perpetrator directs users to a link that downloads an executable program (.exe) onto the user's computer. When executed, the program injects malicious code into the system to gain information and provide complete control of the user's desktop. This not only compromises a user's ROBLOX account but their entire computer. This can include banking information, several passwords, and document information. Antivirus programs try to quarantine the executable program a user has downloaded, such as Avast, Bitdefender, and others. Users should never download files (especially .exe files) which are from unknown sources and not from official sources (Ex. ROBLOX Administrators).
- .ROBLOSECURITY Scam: The perpetrator convinces a user that the ROBLOSECURITY cookie must be given to them. Read this article for more information on the .ROBLOSECURITY cookie.
- AuthTicket Scam: Similar to the .ROBLOSECURITY scam, the perpetrator gains access to a user's AuthTicket, required to join games and authenticate your user. If they were to get this, they could join games under your username with a simple batch command and complete in-game purchases without your knowledge, and many other things. ROBLOX+, a Google Chrome extension, warns you when you input the AuthTicket link. You are able to see this warning or view your AuthTicket here. This was branded into some phishing websites as well, not requiring a password.
- Fake Google Chrome Extensions: After ROBLOX disabled comments on games and items, attackers are now creating fake extensions that look like the real thing, but after installed they steal your .ROBLOSECURITY cookie, your AuthTicket, and the extension will post the info to a web server or private chat channel. The way to not fall for this scam is to not install the wrong extension in the Chrome Webstore. Check the ratings and downloaded to ensure it's legitimate and not malware.
- Malicious programs: Recently, along with the new extension scam, executable files advertised as "hacks" or exploits have also been known to log. ROBLOSECURITY cookies. Because the program only takes cookies and directs them towards a webhook, antivirus applications fail to define its intentions as malicious; resulting in accounts being stolen and sold frequently.
- Malware Techniques: Some pieces of malware that target ROBLOX replace your RobloxPlayerLauncher executable with a fake one that logs all user details when you join a game. It is recommended to reinstall ROBLOX or remove/replace the fake launcher with a legit one if you get infected by this type of malware.
- Copying Technique: After the introduction of Team Create, players often hired people to work with them for their game. However, some people hired would immediately copy what was done so far of the game, and re-publish it on their own name, claiming what they have done is allowed. This causes the original game to be thought as the copy.
When directed to a phishing site, extension, etc., ROBLOX+ will usually send a desktop notification saying "1 tab closed for malicious content" or something of that nature, and the tab with the phishing URL will be closed.
- Main article: Teleport Places
Teleport places are a type of scam where victims are teleported to another place to gain place visits and formerly Tickets, supposedly to be cashed out for ROBUX. This does not harm one's account, but is believed to make it look like the place where players are teleported to is the actual place itself. Some places will also use a custom teleport GUI and a black overlay to make it look like the place is still loading.
- When buying catalog items, users are encouraged to look for [ Content Deleted ] in the item's description. [ Content Deleted ] is an indicator that the item has violated ROBLOX's Terms of Service.
- If no users have bought a VIP shirt, users are advised to avoid purchasing it until more users have done so.
- Avoid links that lead to sites other than ROBLOX, YouTube, Twitter, or Twitch. This includes shortened links (TinyURL, bitly, etc). Follow off-site links with caution and avoid any suspicious sites and links.
- While buying a VIP t-shirt, users should check to see if the creator of the place has allowed the selling of this t-shirt. For example, there are many fraudulent versions of VIP for the game "Catalog Heaven" although the only legitimate versions of the VIP are sold by Seranok (previously by Merely).
- If the item's comments are not disabled, read them to see if any other users say whether the place is not legitimate. Note, though, that the perpetrator may have made alternative accounts (or hacked into others and turned the said accounts into spam bots) to promote the said scam, so check for accounts that claim it's a scam.
- To prevent falling victim to portrait scams, check the scammer's inventory for any stolen artwork. In addition, a user can check to see if the total amount of drawings in the seller's inventory is fairly close to the total number of "get drawn" assets sold; any huge discrepancies in the total number of people drawn and assets sold hints towards a portrait scam.
- Some scammers have their names listed on alternative accounts' descriptions stating they are scammers. While this is not always the case, if there are a large amount of these accounts, this is something to be wary of; try avoiding these users.
- If a user follows an off-site link that goes to a login page, do not put any information in it. The page is most likely a phishing scam most scams include codes that look real. But if they have letters with numbers. Just ignore it's fake. ROBLOX gift card codes never contain letters.
- Avoid programs not created by the ROBLOX developers that ask for login information. Similarly, avoid downloading files (particularly .exe programs) that you do not know the source of, and never run any program with admin privileges unless you are 100% sure it's legitimate.
- Comments such as "Builderman told me how to get this reward by doing..." are scams, and no reward is given for posting those types of comments.
- Avoid "free" Builders Club and ROBUX comments; ROBLOX does not promote any free paid services.
- Avoid places that claim to give free ROBUX.
- Don't accept friend requests from users with the words 'ClickMe', 'DontClickMe', 'ReadMyDesc', and 'ReadMyProfile' in their names. If you do, they will send you messages that have links to phishing sites.
- Avoid YouTube videos that ask you to subscribe in order to get free ROBUX. These are always fake and often are just made to get subscribers.
- Avoid reading messages stating that you appeared in a famous video that the user had "created", this is fake, the "videos" are links to harmful websites that are coded with malware
- If a "noob" (Fresh made account with the basic account clothing) tries to add you a friend request, do not add them unless you absolutely know the person. Check their profile to see how many friends they have. If they have 0, then don't add them. Make sure to check their About. If it says, Ex: "I'm a girl and I love playing Roblox and I'm looking to make friends :)", then its a fake. They are just trying to trick you.
- Do not listen to YouTubers like Robuxian and Kazok, they often post false information about ROBLOX and steal your account with scams.
Things to do
- Protect your account! It's best to set up a password that will not be easily guessed.
- Avoid scam comments! Look out for scam comments if you are viewing some comments on items (E.g. Shirts, pants.). Report comments like that straight away if you spot one.
- Do not visit Robux Generators! Robux Generators are websites run by scammers, if you try any of these websites, they will steal your account.
- (BC Only) Make your group private! Only accept players that don't post scam comments or break ROBLOX's rules, if you see any group requests sent by scammers, decline them.
- Don't let scammers send you messages! In order to keep your ROBLOX Message wall safe, go to your privacy settings, on the "Who can send me messages?" box, select "friends only, people I follow, or followers and people I follow " and save.
To prevent scammers from scamming
If you wish to prevent a scammer from posting scams, there are some tips:
- Report the scam.
- Tell him/her to stop scamming, if he/she didn't listen/ignore your advice, report him/her.
- If you're a creator of a group, and you saw a scam on your group's group message wall, either exile him/her or delete the comment.
- Email ROBLOX at firstname.lastname@example.org concerning the scam, this assures that ROBLOX acknowledges the scam.
Some ROBLOXians create games that have titles like "Free 100k ROBUX" or "Free ROBUX Game".
Some of the games say "WARNING: FALSE REPORTING THIS GAME WILL GET YOU BANNED!" it claims that, if you report it, you will get banned. ROBLOXians don't get banned if they report a free ROBUX game.
It also claims that it will give you free ROBUX, but it doesn't, when you reach the end, it forces you to enter your password so that the creator can steal your account.
Scam games often have NPCs in the game and at least one of those NPCs are admins, their names will be listed in the playlist and enter messages in the chat Non-admin NPCs will say stuff like "OMG IT WORKS! THANK YOU!" or "OMG I GOT MY ROBUX!" most non-admin NPCs don't even have usernames of real players. NPC-admins will say stuff in response to the fake users "I know, pretty cool, huh? or "Anything for my players!". These messages will appear in the chat and are made to convince the victim it's real, however, the servers in the game really only allow 1 player, and every "player" in the game, including the admin, is not really in the game. As mentioned before, most non-admin fake players don't use usernames of real accounts
Some scam games will tell users to turn off 2-step verification (Which sends a code to verify it's really the account owner) or the "robux" won't be able to transfer into the victims account, they may also tell them not to change their password after entering in their password or the "robux" won't transfer either. Robux won't be earned regardless if the victim changes their password or turns off 2-step verification. The scammer just says that just to guarantee to be able to hack into the victim'ss account.