A scam is an attempt to trick a person into giving away their valuables and/or personal information to the perpetrator for anything that would be harmful to the victim. Sucessful scams is uncommon on Roblox, games such as in Lumber Tycoon where exchange of items is frequent is very liable to scams.
A hoax should not be confused with a scam, as it does involve tricking people, but not for any damage.
Roblox has attempted to stop the most common scams by disabling comments on games, badges and game passes. Developers can still enable/disable comments on decals, and shirts/T-shirts/pants.
Types of scams
The following are common scams that involve Robux, via some form of on-site transaction, although they do not involve any phishing. These types of scams often cause the victim to lose substantial amounts of Robux, although the Robux may be recovered by contacting
- Classic defrauding: The perpetrator advertises a service or product for a fixed fee, usually sold through T-shirts.
- Admin scams: The perpetrator publishes a T-shirt with a name such as "Admin for Reason 2 Die" or "Mod for Twisted Murderer". Often sold for a low price, (rarely higher than 500 Robux) these T-shirts advertise some kind of privilege or service in a popular game. These shirts do not follow through with their advertised service. This trend has since declined due to the release of the Game Pass system, which eliminated the need for game creators to distribute additional game privileges through VIP T-shirts.
- Drawn portrait scam: A common example of defrauding, the perpetrator runs a series of advertisements on the site and advertises that the victim can "get drawn" for a fixed fee, through the purchase of an item. Once the victim purchases the item, the perpetrator refuses to follow through with the drawing and may block the victim to prevent further contact. Many of these items have since been deleted by moderators, although some can still be found on the website. This scam has since dwindled as moderators continue to remove these items from the catalog.
- Fake game passes: The perpetrator sells a game pass that advertises special in-game features for the player. However, the promised features are not given once a user purchases the game pass. These types of scams were created by jaredvaldez4.
- Gamepass scam: The perpetrator sells game passes for incredibly high prices. When the player leaves the game or resets their character while playing, they lose what they paid for and have to pay again for the items. This is commonly found in bait and switch games. This is a very big problem espcially in the front page games where the greedy place owners make people buy things and often when out getting what is wanted and roblox admins will simply turn a blind eye as they get roblox alot of profit.
- "Invisible" shirt scam: A user publishes an advertisement that claims a certain piece of clothing will cause the player's avatar to become invisible. The clothing is instead simply transparent, which does not create an invisible avatar. If no preview is seen in the catalog for the item, the perpetrator may claim that the image is "broken" when in reality the image has been rejected by moderators.
- Save 10% scam: The perpetrator will tell players to visit their game, claiming that purchasing any item from their game will save the player 10%. However, buying from those games will in fact give the owner of the game, the perpetrator, 10% of the price, and you will still have to pay the full price.
- Color-changing shirt scam: A user publishes a clothing and claims that it's a GIF and changes color in any game. However, the clothing is simply nothing, which is why it doesn't load online. A video claiming that the clothing works was edited using a green screen and some errors can be seen in some moments. This scam should not be confused with clothing that is partially transparent and changes color based on the avatar's skin color.
- Game trade scam: These people are mostly south east asians, they can been easily spotted when communicating in a latanised form of their language, once spotted avoid trading with them as they are a dishonest people.
These scams take place when a user gives their sensitive information to a seemingly-legitimate service, only to receive malicious results. The damage ranges from losing Robux to account compromise to malware infecting the computer. Phishing scams are very common and are often targeted at new or young users who have made purchases on their account, as Robux and Builders Club are desired by many players but cost money that they may not want to spend.
Phishing scams have been prevalent since the removal of Tix, taking in form of "scambots" that clutter comments, messages, or chat messages with messages leading to the phishing site and Front Page games that are filled with scambots and do the same luring. It is unknown who is behind the scambots at this moment.
In most cases, once a user is phished, they usually get turned into a scambot with their stolen account information to spread the scams further, propagating the bots like a virus.
If Roblox+ is installed, when directed to a known phishing site, extension, etc., the extension will automatically close the tab with the phishing URL.
- Login info via Roblox messages: The scammer messages a user and asks for his/her username and password in return for Robux or services, such as Builders Club. This can result in account loss. In 2016, this scam became more common and was often done by sending a message to the player while playing a front page game. After the victim is scammed, the victim's account is then used by the scammer to scam others.
- Fearmongering: The scammer messages a user and asks them if they are the rightful owner of their account, citing an apparent increase in the user's account value and claiming they have already messaged another user who failed to provide 'proof' and had their account terminated. If the user ends up giving an explanation, the scammer will ask them to contact them on an offsite program or URL after which the end result would be the victim's account being phished or hijacked, usually because the scammer asks the victim to send an image of their password reset email with the link shown or is asked to use Inspect Element in order to extract their .ROBLOSECURITY cookie and send it to the scammer. This scam is mainly aimed at those who have a high average value of limited items in their account, and is becoming more and more prevalent in recent times.
- Login info via friend request: The scammer follows and sends a friend request to the user with usernames that persuades the user to click on his/her profile. The perpetrator's profile description contains an offsite link that will prompt the victim to input his/her login information, usually for a 'reward' of Builders Club or Robux. This scam is more effective than Roblox messages alone since users can limit the number of people who can message them.
- Login info via email: The scammer leaves comments asking for users to give account information to an email address, listing false reasons that can seem convincing to a newbie Roblox user.
- Login info via exploits: The scammer leaves comments directing users to a link that gives an exploit tool for the Roblox client, which will then ask for login info..
- Malicious programs: The perpetrator directs users to a link that downloads an executable program (.exe), often advertised as "hacks" or "exploits" onto the user's computer. When executed, the program injects malicious code into the system to gain information and provide complete control of the user's desktop. This not only compromises a user's Roblox account but their entire computer. This can include banking information, several passwords, and document information. Antivirus programs such as Avast, Bitdefender and others will try to quarantine the executable program a user has downloaded. Users should never download files (especially .exe files) from unknown sources.
- Recent executable files have also been known to log .ROBLOSECURITY cookies. Because the program only takes cookies and directs them towards a webhook, antivirus applications fail to find its intentions malicious, resulting in accounts being stolen and sold frequently.
- .ROBLOSECURITY scam: The perpetrator convinces a user that the ROBLOSECURITY cookie must be given to them. Read this article for more information on the .ROBLOSECURITY cookie.
- AuthTicket scam: Similar to the .ROBLOSECURITY scam, the perpetrator gains access to a user's AuthTicket, required to join games and authenticate your user. If they were to get this, they could join games under a player's username with a simple batch command and buy in-game purchases without their knowledge. ROBLOX+, a Google Chrome extension, warns players when they input the AuthTicket link.
- Fake websites: These fake websites have a login form and a domain name that looks very realistic but is fake and claims to give a fake reward that needs to be posted on several games. This just steals a user's log-in information and promotes the scam using the stolen account.
- Fake Google Chrome extensions: After Roblox disabled comments on games and items, attackers created fake extensions that look legitimate, but after it is installed they steal a player's .ROBLOSECURITY cookie and their AuthTicket, and the extension will post the info to a web server or private chat channel.
- Botted Roblox Places: A Roblox place that tells the user to go to an offsite link that claims to give out free Robux/BC, botted with bot accounts in the thousands in order the get the game on the front page, and sometimes botting likes. These games are usually taken down very quickly.
- Roblox-related advertisements: These advertisements promise things such as free Robux or Builders Club. They may redirect to another YouTube channel or a phishing site.
- In-game scam: A bot/user randomly visits a game that says that you can get free Robux/gamepass by visiting the website, a few seconds, they will leave a game and find other server/game.
These scams don't directly harm the victim in any way, other than wasting their time.
- Teleport places: Teleport places are a type of scam where victims are teleported to another place to gain place visits and formerly Tickets, supposedly to be cashed out for Robux. This does not harm one's account, but is believed to make it look like the place where players are teleported to is the actual place itself. Some places will also use a custom teleport GUI and a black overlay to make it look like the place is still loading.
- Livestreams: Fake YouTube livestreams are set up and promise listeners free Robux. The live stream might have bots as moderators and people listening to attract more viewers and might loop fake videos of them giving Robux out to someone. In some instances they may include links to harmful websites. Also, they sometimes have a word filter which mutes anyone who says that the livestream is fake.
If a player is scammed
If a user suspects they have given their password to a phishing site, they must immediately change their password, logout of other sessions, and enable 2-step verification for extra protection. If a user has downloaded phishing software, they must uninstall the software immediately, erase any cookie loggers, run a full antivirus scan, change their password, and create a new .ROBLOSECURITY cookie.
- Avoid gamepasses in bait and switch games. They are mostly gamepasses that last until you reset or leave the game, which will try to get you to waste a lot of money on the game.
- When buying shirts, pants or T-shirts, users are encouraged to look for [ Content Deleted ] in the item's description. This is an indicator that the item has violated Roblox's Terms of Service, so it is best to avoid buying those.
- If no or little users have bought a VIP shirt or a gamepass, users are encouraged to avoid purchasing it until more users have done so.
- If the item's comments are not disabled, read them to see if any other users say whether the item is legitimate or not. Note that the perpetrator may have made alternate accounts (or hacked into others and turned the said accounts into spam bots) to promote the said scam, so check for accounts that claim it's a scam.
- To prevent falling victim to portrait scams, check the scammer's inventory for any stolen artwork. In addition, a user can check to see if the total amount of drawings in the seller's inventory is fairly close to the total number of "get drawn" assets sold; any huge discrepancies in the total number of people drawn and assets sold hints towards a portrait scam.
- Some scammers have their names listed on alternative accounts' descriptions stating they are scammers. While this is not always the case, if there are a large amount of these accounts, this is something to be wary of; try avoiding these users.
- Avoid programs and websites not created by the Roblox developers that ask for login information. Similarly, avoid downloading files (particularly .exe programs) that you do not know the source of, and never run any program with admin privileges unless you are 100% sure it's legitimate.
- If someone asks the user to send them specific lines of code from their browser or client, they are strongly advised to not follow through as certain snippets of code can be used to get into the user's account, such as the .ROBLOSECURITY cookie.
- Avoid "free" Builders Club and Robux comments. Roblox does not promote any free paid services.
- Avoid YouTube videos that ask players to subscribe in order to get free Robux. These are always fake and often are made to get subscribers. The same can be said for Twitter accounts who claim to do so too.
- Avoid any game that uses the name "Robux", "Robucks", or anything similar, and have the Roblox logo or the Robux icon as a picture, especially if they have more players "playing" than "visits"; these places are most likely scams.
A collection of images related to this article can be viewed on the following page: Scam/Gallery