Roblox Wiki
Register
Advertisement
Roblox Wiki
This page needs improvements to meet the Roblox Wiki's standards.
Please proofread or rewrite this page as necessary to ensure that it meets the Roblox Wiki's content and style standards. The specific problems are: Article needs formatting issues fixed and information cited to follow Manual of Style
⚠️
Warning
DO NOT click on or give login details to any 3rd party service claiming to reward "free Robux", "free Marketplace (catalog) items" and "free Premium membership". All of these must be purchased with real cash or Robux.
Some people have claimed to gain free Robux or such, but those are only advertisements, and they violate the Terms of Use. Report any scams to Roblox moderation.

A scam is a confidence trick that involves a scammer tricking another player into giving away their valuables and/or personal information to them for any purpose that would be harmful to the victim. The primary motive for scamming depends, but most scamming is done for personal gain (such as sales of personal info), but in many cases, it is a malicious act. Scamming is considered to be a very widespread issue on Roblox. The admins have attempted to stop the most common scams by disabling comments on games, badges, and passes. However, developers can still enable/disable comments on clothing, Library assets, and UGC items. Additionally, games where the exchanging of items are frequent such as in Murder Mystery 2 and Adopt Me, as well as official exchange systems between Roblox players such as the limited trading system, are very liable to scams.

Examples of Scams[]

Script scams[]

These scams take place when a user is told/convinced to use the inspect element to run a code that'll harm accounts, steal Robux, or give a hacker access to the account.

JavaScript scam[]

This scam involves a person inserting a script into the URL address bar to supposedly get a reward (usually Robux). The script instead buys a specific T-shirt for the amount of Robux the user has. The victim will likely not have a lot of scripting knowledge, which means they are tricked into entering the script, not knowing what it does.

"Icechewer1708" SDK scam[]

Icecheweravatar

The Icechewer1708's avatar.

This scam involves the perpetrator injecting a malicious DLL file into the Roblox game (usually after being misled to inject it to get "free Robux"). The script would insert advertisements, infect scripts, steal accounts, steal Robux, and spam the chat. Its surge started in early 2021 and shut down two Catalog Heaven servers. Icechewer1708 was also believed to have DDoSed the Roblox site unsuccessfully. Icechewer was not active until around November 2021. In January 2022, allegedly, Icechewer1708 made YouTube videos showcasing free Robux, making them insert Javascript code, and then hacking into their accounts and turning them into bots to inject the malicious DLLs. In December 2022, Icechewer was seen on an Auto Rap Battles server. No signs of the malicious DLL payloads were on the server. Icechewer1708 sold as a ad program impersonating Bloxbiz on freemodels, and offered slots in the games he spammed with ads, to a robux price. In december 2023, Icechewer1708 updated his "About me" to an advertisement to sell his SDK, saying:

"For all looking for my SDK for my hacking of vunerable games, please send me either USD or give me robux for the acess of the lost code. Send me a message on roblox or my telegram for details. The SDK can hack old vunerable games with unsecure methods. The sdk includes lua and C code, which reverse engineers games, and if possibile, injects and executes its payloads."

Transaction scams[]

The following are common scams that involve Robux, via some form of on-site transaction, although they do not involve any phishing. These types of scams often cause the victim to lose substantial amounts of Robux, although the Robux may be recovered by contacting Roblox Support here.

"Buy Items, Get Robux" Scam[]

The perpetrator will directly message the user, telling them that for a limited time, if they purchase several pieces of clothing from their group, they will be given back a high amount of Robux (Usually higher than the total clothing prices.) Once the user purchases the clothing items, the perpetrator will simply not give the player the promised Robux in return.

Fearmongering[]

Fearmongering involves a scammer impersonating a Roblox administrator and scaring a victim into spending large amounts of Robux.

Transaction[]

A scammer messages a user claiming that they are a Roblox admin. They will say that they have found stolen Robux/credits on the account, and they will demand the victim buys an expensive item on the catalog, or their account will be permanently terminated.

The account is not at risk of being terminated, and this is done just to steal Robux.

General[]

A scammer messages a victim claiming that Roblox is purging inactive accounts or has noticed a sudden rise in the account's value. They will then try to get the user to do something dangerous, like showing a password reset email with the link visible, going to a phishing website, or using the inspect element to extract a .ROBLOSECURITY cookie.

It's important to note that account notifications will only be sent by the official 'Roblox' account. If a message you receive looks suspicious, check the user name. If it is not 'Roblox', it is most likely a scam. You should block and report the user.

Classic defrauding[]

The perpetrator advertises a service or product for a fixed fee, usually sold through T-shirts.

Fake T-shirt or gamepass[]

The perpetrator sells a fake item that claims to give an expensive item/perk in a game for a discounted price. The item, however, gives nothing, which wastes the victim's Robux.

'Get drawn' scam[]

A perpetrator runs ads on the site which claim to have victims' portraits drawn for a fixed fee. However, once the victim buys the product, the perpetrator refuses to do the job and may block the victim to prevent future contact.

Fake passes and items[]

The perpetrator sells a pass that advertises special in-game features for the player. However, the promised features are simply not given once a user purchases the pass wasting the players Robux. These types of scams were commonly used by Jaredvaldez4.

Product scams[]

Invisible/Color Changing shirt scam[]

A user publishes an advertisement that claims a certain piece of clothing will cause the player's avatar to become invisible, or that a piece of clothing is a GIF that is animated or will change colors when equipped. The clothing, however, is simply nothing, which wastes the user's Robux.

Save 10% scam[]

The perpetrator will tell players to visit their game, claiming that purchasing any item from their game will save the player 10%. However, buying from those games will give the owner of the game, the perpetrator, 10% of the price, and you will still have to pay the full price.

Admin gamepass scam[]

This type of scam is commonly found in RPGs and copy-and-pasted obbies and tycoon games. The game creator sells expensive gamepasses that claim to unlock a broad range of commands. However, the pass only gives a few commands that the user can only use on themselves. Gamepasses will often advertise features by name that are not granted by buying the pass.

The only way to get refunded from a scam gamepass is by contacting Roblox Support. Unfortunately, the support team is infamous for ignoring victims of these scams and deflecting the issue to the developer of the game (IE, the scammer), even though developers cannot refund Robux purchases in any situation.

Fake UGC item scam[]

The perpetrator or their friend (usually on a different platform) claims that they have found a UGC accessory that looks like a very popular limited item, but at a fraction of the price (for example, a UGC face mask with a Super Super Happy Face on it.) They will then show faked proof of the supposed item working and existing. The victim is told they need to purchase the accessory from an alt account or group's experience as a game pass, and that they will need to wait a few hours for the item to be added to their inventory as it is a new item. Of course, the victim never receives the item.

Phishing scams[]

These scams take place when a user gives their sensitive information to a seemingly-legitimate service, only to receive malicious results. The damage ranges from losing Robux, to account compromise, and to malware infections. Phishing scams are very common and are often targeted towards new or young users who have not made purchases on their account, as Robux and Premium are desired by many players but cost money that they may not want to spend or cannot afford. This is the most dangerous scam method that a user can fall for on Roblox.

The hijacker usually changes the password to the victim's account, so account recovery becomes impossible.

In most cases, once the victim's account is hijacked, their account is added to a botnet with which the thief uses in order to spread more scams. This, in turn, may result in the victim's account being terminated if it is reported for spreading these scams. It can also result in them being unfriended, considering they may never get that account back or the person thinking their friend has dropped so low as to scam.

Avatar Model Scams[]

The scammer claims that they are an account for a popular game, for example, Jailbreak. They claim to be their "confidential" and "private" accounts. They will give you a YouTube link showing a "tutorial". These have a suspicious link to them; they are also given to players who have played Roblox and the game for a long time. They claim that they are updating the game and would like to "include" your avatar in the thumbnail. These often go to Roblox messages. They also sometimes claim that they will give the victim high amounts of Robux for simple tasks.

Login info via Roblox messages[]

The scammer messages a user and asks for their username and password in return for Robux or services, such as Premium. This can result in account loss. In 2016, this scam became more common and was often done by sending a message to the player while playing a front-page game. After you enter your credentials, it's sent to the owner, and logs in to you account and hacks it. After the victim is scammed, the victim's account is then used by the scammer to scam others.

Password farms[]

A game is created that has a GUI that asks a user to enter their username and password to 'verify their account'. The GUI instead farms password information and sends it to scammers.

Scam game files[]

Scam game files are like the password farm scam, except people on YouTube create videos that have "Roblox scam game uncopylocked" or "Free Roblox scam game file". These are files other scammers give out to people in hopes that other people get the files of the games in order to scam more people. Usually, the scammers tell people to change a line of code in the game's script and replace it with a Discord or trello webhook link. When they do that, whenever a player enters information about their account, the information is sent to the webhook.

Login information via friend request[]

The scammer follows and sends a friend request to the user with usernames that persuade the user to click on their profile. The perpetrator's profile description contains an offsite link that will prompt the victim to input their login information, usually for a 'reward' of Premium or Robux. This scam is more effective than Roblox messages alone since users can limit the number of people who can message them.

Login information via email[]

The scammer leaves comments asking for users to give account information to an email address, listing false reasons that can seem convincing to a newbie Roblox user.

Login info via exploits[]

The scammer leaves comments directing users to a link that gives an exploit tool for the Roblox client, which will then ask for login information.

Malicious programs[]

The perpetrator directs users to a link that downloads an executable program (.exe). These programs are often referred to as hacks or exploits. The program, when run, may install malware or log cookies.

.ROBLOSECURITY scam[]

The perpetrator convinces a user that the .ROBLOSECURITY cookie must be given to them, giving them a risk of their account being compromised. Read this article for more information on the .ROBLOSECURITY cookie.

AuthTicket scam[]

Similar to the .ROBLOSECURITY scam, the perpetrator gains access to a user's AuthTicket, required to join games and authenticate your user. If they were to get this, they could join games under a victim's username with a simple batch command and buy in-game purchases without their knowledge.

Copy as... scam[]

Another scam that involves the perpetrator tricking you into going into the network section, refreshing the page, and copying the whole page into a website that actually, steals your cookies and gives them to them.

Fake websites[]

These fake websites have a login form and a domain name that looks very realistic but is fake and claims to give a fake reward that needs to be posted on several games. This just steals a user's log-in information and promotes the scam using the stolen account.

Fake Browser extensions[]

After Roblox disabled comments on games and items, attackers created fake extensions that look legitimate, but after it is installed they steal a player's .ROBLOSECURITY cookie and their AuthTicket, and the extension will post the info to a web server or private chat channel.

Botted Roblox Places[]

A Roblox place that tells the user to go to an offsite link or give their password to get free Robux or premium.

Roblox-related advertisements[]

These advertisements promise things such as free Robux or Premium. They may redirect to another YouTube channel or a phishing site.

Login info via chat[]

What it means is that a bot sends the player the friend request or follows them. If their friend request gets accepted, they will begin to say scam and phishing messages.

Group Wall Post Scams[]

In some groups, scam bots will raid the wall with scam messages which appear to be the same. Groups can make it so only higher ranks can post, to prevent bots (who don't attempt to promote themselves on groups) from scamming. One of the most notable raided groups is Gamefam x Sonic, the owner of Sonic Speed Simulator.

Free item scam[]

A user receives messages from friends or other random users saying "hey if you use the code "(fake code)" on (scam website), you get a free (valuable item)". Visiting the site, users are shown a login screen similar to that of Roblox's official login site. If the user enters their username and password, their account will soon be hacked and looted for its Robux and/or limited items. It will also then be used to spread the scam further.

Guilt Scam[]

Commonly happens in large Discord servers with RoVer. They will pick a random person from the server who has their Roblox name as a nickname because of RoVer, then say that they lost that friend by accidentally deleting them, then claim that the account was hacked. Once the user friends them on Discord, they join a game. The scammer fools the victim by pretending to go on the website and randomly being logged out. They then claim that they were the victim of an account trading scam. They then guilt the user into giving them their password to "share the account". They claim they won't touch anything. Once the victim gives their password through Discord, the scammer unfriends them and steals the account. These scams can usually be as long as 3 hours!

YouTube channel name scam[]

  • Found on YouTube. A channel, usually titled: "Hi, I'm [random female name] if you don't mind check out my video" comments on a random small Roblox YouTuber's video, the comments made by these bots are typically random short phrases. Most of these scam channels were made in 2006, clearly indicating they're hijacked. Those channels have a shared video on their channel page which is a phishing one as you might already guess. They also make random hijacked accounts comment it's real to make it look legit, comments that aren't by the bots get automatically deleted.

.HAR file scam[]

The scammer would contact someone (usually via Discord) to convince the user to create a .HAR (HTTP Archive File) file for the Roblox website to do something for the scammer. In reality, the created HAR file for the website contains all of the user's cookies and lets the scammer gain access to the account via the user's .ROBLOSECURITY cookie.

Spam Click Purchase Scam[]

A game makes you rapidly click a button. While clicking, a purchase prompt appears in the spot that you are clicking. The victim will probably be clicking so fast that they will unintentionally end up buying an item, usually a poorly made shirt for a 15-100 Robux price. A user is safe from this if they don't have any Robux. This was fixed in a change to the Roblox purchase GUI and a delay added before you can press the buy button.

I'm Making A Game/GFX Scam[]

A scammer will message you something similar to "I'm making a game and I want to put your avatar in it, can you send me a decal of your character?" There is another version of this that asks for the same thing but the message is about a graphic art commission. The scammer will send you a link to paste into your browser, which uses JavaScript to steal your .ROBLOSECURITY cookie.

Profile link scam[]

This scam started in October 2020. It starts with a user getting sent a link through a private message on Discord that looks like a ‘link’ to the user's profile on ROBLOX, but it is actually an IP/cookie grabber.

Hiring Testers scam[]

This scam started in May 2020. It starts with a user getting sent a message by someone. This message will tell you that testers are needed for their game and that they're willing to pay those testers and for people to be testers for their game, they need to press a link. If the player presses that link, their .ROBLOSECURITY cookie will be revealed to the scammers. Also, most of these scam targets are older players who just started playing Roblox again.

Play Button Scam[]

Scammers use glitches to hide the purchase prompt in a game. They are then able to trick a player into clicking something which, in reality, is clicking the invisible purchase button. This scam mainly targets high-profile players with large amounts of Robux, and the scammers are potentially able to steal millions of Robux from those players.

Subscribe and friend scam[]

Scammers tell the scam victim to subscribe to their YouTube channel and friend them, usually to obtain a "free item". A link to the profile is in the description of a video on their YouTube channel, however, the URL is slightly different from the official Roblox website URL. The site shows that you are logged out, and when the victim tries to log in, they will be sent to the real Roblox site, but instead, their account will be locked with a PIN and the scammer will have the player's information. The scammer could try to join games and trade the victim's items to the scammer's account, or get the victim's personal information. This can happen on an unofficial trading website for Roblox players, where the site helps the user find trade offers for items in games such as Adopt Me, Royale High, Murder Mystery 2, etc. The trading site itself is safe and secure, and even the fake Roblox link says it's secure with the lock icon, but the fake site will steal your account and the only way to get it back is by contacting Customer Support.

Third-party site scam[]

There are some third-party websites that claim that you can earn free Robux by completing surveys and watching videos, but they violate the Terms of Use and Roblox Community Standards. Some of them can have hidden scripts that hijack your cookies without your permission. People that have completed surveys on these sites can be punished in real life.

Free Robux generator scam[]

These websites are found on the Internet. They are usually found when someone searches 'free Robux generator' on Google. How it works is it prompts the user to enter their username and the amount they want. After that, the site pretends to connect to Roblox servers and inject the Robux into the victim's account, but it is simply doing nothing. Once the fake generation is complete, the user will be asked to verify that they are human. This usually involves liking scam YouTube videos or clicking on a bunch of ads. If the user does that, the site will do nothing, thus wasting the user's time and giving the scammers money through ad revenue, and losing the victim's sanity.

SIM swapping scam[]

This type of scam was used mainly during the summer of 2021. The hacker attempts to find any piece of information about you that can help them find your phone number and service provider. After that, the hacker attempts to contact your SIM provider and tries to convince them that your real SIM was stolen or overtaken by somebody else. The service provider may believe that and disable the rightful owner's SIM card, give the hacker a new one, and that becomes a SIM swap. However, this is especially dangerous as the hacker will also have access to everything, not just your Roblox account, but also things such as your contacts, apps, passwords, and banking information.

PowerShell Asset Copier scam[]

If you go to an asset copier website that claims to "download" a copy into the game, you were prompted to go to inspect element and copy your PowerShell on the game's website. This contains your .ROBLOSECURITY code, which allows people to access your account. Some videos show it downloading, but if you try it will not happen.

"Soft Scams"[]

These scams aren't as severe as other scams, and only waste people's time.

Bait-and-Switch[]

Bait and Switch (BaS) places are a type of scam where victims are teleported to another place to gain place visits and formerly Tickets. They use a mock-up of a popular Roblox game, such as Adopt Me or Pinewood Computer Core. When the user plays the game, they are redirected to some generic obby or tycoon game, thus giving visits.

Livestreams[]

Fake YouTube live streams are set up and promise viewers free Robux. The Livestream uses bots as moderators that do things like mute users that say the stream is fake. They typically make viewers spam the chat with fake admin commands like '!robux'. They usually redirect to fake generator scams. They loop clips of the scammer giving Robux out to viewers and begging for likes and subscribers.

"Free Robux" scam games (on App Store & Google Play Store)[]

Free Robux apps on app stores and Google Play Store will try to get a player to get a ridiculous amount of gems for free Robux, however they just spam the user with ads and waste time.

Finish for a surprise[]

Often seen in bait-and-switch obbies, the perpetrator will put a massive header at the top of the screen saying 'FINISH FOR A SURPRISE!'. When the player finishes the obby, they will get redirected to a different obby, or be encouraged to restart the obby for free gear or admin commands.

Only 1% have ever beaten this game[]

Similar to the "Finish for a surprise" scam, the scammer will put a massive header at the top of the screen saying 'ONLY 1% OF PEOPLE HAVE EVER FINISHED THIS OBBY!'. Most of these games will encourage people to buy overpriced items that only last one life or until they leave. Once the user finishes, they will simply be redirected to another game, and be encouraged to restart the game for, like before, free gear or admin commands.

There is a crazy glitch at my place[]

This scam is the oldest scam on Roblox. Scammers advertise their clickbait game, saying there is some crazy glitch in the place. However, the game is just nothing, a baseplate or a starter place, and thus give nothing, wasting victims' time.

Spam Comments[]

Players will ask to copy and paste a certain message on several items to win something, of course doing so grants nothing, and this is a popular soft scam. The most common ones are "/e free" on items with comments enabled and "/e equip" on decals, meshes, and models that look like clothing assets.

Meme Games[]

Certain games that copy the description and thumbnails. But when the games are played, the user will be presented with image spam, most notably Stickbug, Henry Stickmin Distraction Dance, Rickroll, etc.

"Robux for item'' scam[]

Children are usually the ones to fall for this scam. The perpetrator offers the victim an (usually large) amount of Robux for a certain in-game item. After the victim gives the perpetrator said item, the perpetrator will simply leave the game. Games like Adopt Me! and Murder Mystery 2 are notoriously flooded with people using this method, likely due to their playerbase consisting of mainly children.


I'm Making A Group Softscam[]

A harmless variant of the "I'm Making A Game/GFX scam". The scammer will ask you for a model of your character and will ask for it in a .zip to put in a group image or game image and be awarded commissions. Once the scammer receives the model, they will block the victim, which is a moderator's job.

Spam Games Softscam[]

These games have a name like “[popular trend] FLAMINGO JOINED!” and the description will say something like “Welcome to [game name]! Remember this is in early development and are bare bones. Thanks for understanding!” but when the user joins the game, it has a loading screen, which never loads and thus, wastes the victim’s time.

Scam bots[]

Do not visit links that claim to give free Robux!

23D38C6E-E666-4153-8DD4-D2D5FAD2A2A1

An example of a scammer's profile page.

2017Scambot

The 2017 girl scambots, who have been recently making a resurgence in September 2020.

A scam bot is a common nickname used to describe automated accounts that spread messages attempting to lure players to unsafe websites to steal their Roblox credentials or other valuable information for their owners' personal uses. A scam bot may message you if you have messages opened for anyone.

These types of bots have been around on Roblox for years, however certain economy-related changes such as the removal of Tickets have been a catalyst for their rapid rise in recent times. In 2017, a default girl user bot had been sending messages or friend requests to random people. Their blurb usually says "I'm a girl and I love playing Roblox and I'm looking to make friends ;)". In mid/late 2023, there were bacon girl bots sending friend requests to random users. It's unknown why it happened. Their names were something like GalSheepLove.

Between 2017 and 2018, they often followed a very basic avatar style and were also seen wearing free items such as The Bird Says and some random Classic T-shirts. For a brief period in 2018, they used the default sign-up appearance, but soon after began to wear clothing in the style of the official Roblox account. In 2019, they have used the appearance of accounts stolen through a phishing method if a user accessed a scam site posted by a scam bot.

Aside from posting comments, some scam bots are also able to follow and send friend requests to mass amounts of players to extend their reach and get the player to go to their site, and they may occasionally join random free-to-play game servers to send a scam message in the game's chat before leaving a few seconds afterward. On popular front page games such as Jailbreak or Adopt Me!, they will quickly join and leave after posting a scam message such as "I just got tons of Robux by visiting [scam site]!", or something else to get more victims.

Initiatives by Roblox to lessen the impact of scam bots were put into place, such as forcing all users to complete a CAPTCHA before signing up or posting on group walls. The current captcha did not do any helping to prevent these bots from being created, but no one has seen these bots pass a Google reCaptcha test.

Between 2018 and 2019, scam bots were more actively seen on third party sites, such as Discord and YouTube (where both videos and ads were mass uploaded) as a method to avoid Roblox moderation. These bots appear to have slowly stopped appearing and many are being banned by YouTube and Discord on their respective platforms.

From mid-2020 to the present, scam bots are getting more realistic, acting more like actual players on Roblox. They do this by doing multiple lines, which can be often made to seem like it is real when in reality, it may be a scam bot. They will act like a real player saying some stuff related to the scam, and then they will say the link. Chatbots are bots that visit 3/4 of places, leave spam related to the scam then leave, and they are very similar to scam bots. They are very common as of 2020. Lespcats/Accobests are bots that seem to be advertising the same scam site that frequently changes its name.⁠[citation needed]

Types of scam bots[]

Message bots[]

These bots will spam message walls and in-experience chats with scam links that redirect to dangerous sites. Roblox has cut down on these spam messages by terminating accounts that are new and only used for scamming.

Generic chatbots[]

These bots flood in-game chats, website chats, and group walls with links to scam websites or scam experiences.

  • If a website is promoted by chatbots, it usually consists of a website prompt asking for the amount of Robux to be "given" to the player, including an optional "Premium membership". Once the data is entered, the website will pretend to connect to Roblox servers to "inject" the Robux into the user's account. Before any Robux can be "claimed" by the end user, the website will inevitably ask the user to complete a survey to "prove" they are not a robot. These surveys are used to harvest personal details and/or profit from the website in the short time it is up.
  • If an experience is promoted by chatbots, it usually consists of a simple object or a short path, eventually leading to a specific object that can somehow "award" the player Robux. Once this object is interacted with, a fake login GUI will appear. If you enter sensitive data into the prompt's "Password" section, the data is collected and can be used to compromise your account.
  • Chatbots can be categorized by a username that usually consists of the following:
    • Random string of characters
    • Realistic username followed by a random string
    • (specific name)_(string)
  • Trump chatbots: These bots were active during 2020 in the leadup to the 2020 United States Presidential Election. These bots (identifiable by the username pattern "Trump2020_" followed by a string of characters) would enter games and encourage users to vote for Donald Trump, the Republican Party candidate for the election. These bots were terminated quickly, leading to a few bots being barred from creating new accounts. After the election, these bots died out.
  • Bible chatbots: These bots would flood chats with random passages from the Bible, annoying people, even Christians.

Other types[]

Most of the other types of bots consist of spam on other public message boards (such as YouTube video comment sections), but there are exceptions.

  • YouTube bot: These bots revolve around Robux discussion and playing Robux scam games (as mentioned above in the "Group bot" section). These bots usually include a randomly generated timestamp in their comments and often include quotation marks. Some bots use a comforting message in another language.
  • "FREE ROBUX ON MY CHANNEL" bot: They are an uncommon occurrence on YouTube videos, particularly those unrelated to Roblox. These bots either copy other users' comments or use generic phrases like 'Can we take a moment to appreciate...' in an attempt to gain visibility. They further employ like bots to boost their comment's ranking, thereby increasing the likelihood of unsuspecting users clicking on their channel and falling victim to scams. In response, many users simply reply to these comments and say "Bot".
  • Follow Bots: These bots would flood user follow lists. As they could be easily identified (usually having a username consisting of "checkmyprofile" in a variation of Leetspeak, followed by a random string of characters), some of these bots would be terminated quickly. This type of bot was relevant from 2017 to 2018, but it would soon die down. Despite that, some real accounts that were targeted by these bots can still have them on their follow list, in the thousands, terminated or not.
  • Model Purchase Bots: These bots mass-buy free models from the Roblox Library.



If a player is scammed[]

If a user suspects their password has been shared, they should immediately do the following:

  • Change their password to something new, unique, and hard to guess.
  • Use the secure logout feature
  • Enable 2-Step Verification
  • Create an account PIN
  • Create a new .ROBLOSECURITY cookie

If a user has downloaded phishing software, they should follow the above, and also:

  • Uninstall the software immediately
  • Erase all cookie loggers
  • Run a full Antivirus scan (can be done with Windows Security (bundled with Windows 8 (as Windows Defender), 10, and 11), Microsoft Security Essentials (available for Windows Vista and 7, similar UI to Windows Defender in Windows 8) or other free alternatives, such as Malwarebytes)

If the user's account has been compromised within the last 30 days, they can contact Roblox Support for a one-time recovery of stolen inventory items and Robux.

Avoiding scams[]

Don't Take the Bait - Roblox

Roblox's official advice on dealing with and avoiding scams.

Players[]

  • Avoid Developer products in bait and switch games. These usually last until the player dies or leaves the game, thus tempting the player to purchase them again if they want to continue using them each time.
    • If an item seems very powerful, costs a lot, and is a Developer product, avoid it at all costs.
  • When buying shirts, pants, or T-shirts, users are encouraged to look for [ Content Deleted ] in the item's description. This is an indicator that the item has violated Roblox's Terms of Use, so it is best to avoid buying those.
  • If no or few users have bought a VIP shirt or a pass, users are encouraged to avoid purchasing it until more users have done so, to verify it is legitimate.
  • If the item's comments are not disabled, read them to see if any other users say whether the item is legitimate or not. Note that the perpetrator may have made alternate accounts (or compromised other accounts) to promote the said scam, so check for accounts that claim it's a scam.
  • To prevent falling victim to portrait scams, check the scammer's inventory for any stolen artwork. In addition, a user can check to see if the total amount of drawings in the seller's inventory is fairly close to the total number of "get drawn" assets sold; any huge discrepancies in the total number of people drawn and assets sold hint towards a portrait scam.
  • Some scammers have their names listed on alternative accounts' descriptions stating they are scammers. While this is not always the case, if there are a large amount of these accounts, this is something to be wary of; try avoiding these users. The only way to ban scammers is to poison ban the scammers. This terminates the bot and disables account creation. The bot's associated accounts are also terminated.
  • Avoid programs and websites not created by the Roblox developers that ask for login information. Similarly, avoid downloading unknown/unfamiliar files (particularly .exe programs), and do not run any program with admin privileges unless they can be verified as legitimate.
  • If someone asks the user to send them specific lines of code from their browser or client, they are strongly advised to not follow through as certain snippets of code can be used to get into the user's account, such as their .ROBLOSECURITY cookie.
  • Avoid people who tell you go to certain websites.
  • Avoid YouTube comments that promote free shortcuts to paid services, such as Premium and Robux, and YouTube videos that ask players to like and subscribe to get free Robux, or be entered into a giveaway to obtain Robux. These may be fake and often are made to expand a video's reach and get subscribers. The same can be said for Twitter accounts that claim to do so too.
  • Avoid any game that uses the name "Robux", "Robucks", or anything similar, and have the Roblox logo or the Robux icon as a picture and have more players "playing" than "visits". These places are often scams.
  • Specific to the Profile Link Scams, check EVERY character of the link to be sure it is a valid link (it should be https://www.roblox.com or https://web.roblox.com). Some links use wwv instead of www, or roblox-web instead of Roblox. A normal profile link would look like this: https://www.roblox.com/users/USERID/profile (with "USERID" being the player's ID)
  • You can easily determine a bot if it uses free items, has an unoriginal/repeatable username, or joins a game and immediately floods the chat with a message that has caps and/or emojis.
  • If someone claims to be an administrator, ask who they are. They will most likely claim to be the official Roblox account (despite being a shared account), Builderman or David.baszucki. Next, check their profile for the badge. If they do not have it, they may claim they are using an alternate account (They may be lying).
  • In general, if something seems too good to be true, it most likely isn't true. Users are encouraged to not let their desires be easily manipulated, as most scammers often rely on victims making impulsive decisions after seeing or hearing about something they want.

Developers[]

  • Developers can insert chat filter extension scripts that block suspicious scam messages, like this one.[1]
  • Developers can also insert scripts that:
    • Require a user to click a button within a minute or get kicked
    • Require a user to be in the game for a set time period before they can chat
    • Require a user to be at least x days old to join, 30 is recommended

Gallery[]

This section has moved. It is now here.

Advertisement