On ROBLOX, a scam refers to an event or action in which one or more users attempt to defraud and deceive other users of their virtual currency, items, or accounts by pretending to offer items, Builders Club membership, or other services and products that would benefit the target user. Scams have increased in number ever since the removal of tickets.
Virtual currency scams
The following are common scams that involve the virtual currency, ROBUX. Often the victims will lose substantial amounts of ROBUX, although the ROBUX may be recovered.
- "Admin" Scams: The perpetrator will have a t-shirt with a name such as "Admin for Reason 2 Die" or "Mod for Twisted Murderer". These t-shirts are sold for a low price and advertise some kind of privilege or service in a popular game, although this is false. This has since disappeared thanks in part to the advent of the Game Pass.
- Classic Defrauding: The perpetrator will advertise a service or product for a fixed fee, usually sold on T-Shirts.
- Drawn Portrait Scam: The perpetrator will run a series of advertisements on the site, advertising that the victim can be drawn for a fixed fee (which is never revealed until the user clicks on the advertisement). Once the victim has bought the item, the perpetrator will turn hostile and refuse to perform the advertised service.
- Borrowing Scam: The perpetrator asks for a temporary donation or currency exchange.
- Limited Feeding: The perpetrator sells a Limited item (often Limited) for a very cheap price, and when an user has purchased it, the seller can begin to raise the price repeatedly, requiring the player to "feed" them money.
- Copied Clothing: The perpetrator steals popular clothing sold for low price, adds "ORIGINAL" or "90% OFF" to name and sells it for high price (usually 30 - 70). Many new players fall for this, making original shirt get less sales and the perpetrator more ROBUX. Sometime they say that you will get admin for a shirt
- Free ROBUX for ROBUX: The perpetrator makes a game that says click to buy 800 or 4,500 those are Game Passes that do not do anything, the perpetrator will get a lot of ROBUX.
- Fake Game Passes: The perpetrator makes game passes that are fake that do not do anything, making the perpetrator getting more ROBUX.
- Clicking Games: The perpetrator marks a game with a GUI that says "How many you can click in 10s" then a buy prompt to buy a item for ROBUX and the perpetrator gets more ROBUX
Users should always be sure to contact
firstname.lastname@example.org if they are scammed. They should include evidence, or ROBLOX can't refund them. Such evidence can be in the form of a screenshot and the scammer's username; it is recommended to screenshot any purchases that seem sketchy or risky.
This act takes place when a user initiates a service or product, and in-turn leads to malicious results. The most harmful scams and attacks are phishing scams, and depending on the severity, one can lose access to their entire computer if they are not cautious enough. These scams may lead to a compromisation of personal, sensitive information.
These scams will do variable damage, ranging from losing ROBUX to becoming a victim of malware. It is always recommended to never fall for these scams if you get one, and get robust, up-to-date security software.
- Login info via ROBLOX messages: The perpetrator will message a user, asking for his/her username and password in return for ROBUX or services, such as Builders Club. This can result in account loss. In 2016, the scam became more common and heavily targeted by sending a message to the player whilst playing a front page game.
- Login info via survey: The perpetrator will leave comments asking for users to participate in a "survey" to get a "special offer" from ROBLOX, or anything similar. This will expose their username to the scammer and therefore, lose their account.
- Login info via E-Mail: The perpetrator will leave comments asking for users to give account information to an email address, listing false reasons that seem convincing to a newbie ROBLOX user. A variant exists in comments.
- Login info via "Exploits": The perpetrator will leave comments directing users to a link that gives an "exploit tool" for the ROBLOX client, which will then ask for login info
- Login info via ingame GUIs: Using customized GUIs, the player might be tricked into thinking it is real and put in the login info for the player's account for an exchange or prize. This may include ROBUX, free BC, etc.
- Fake maintenance message: Appearing in places, this type of phishing scam commonly appears in Bait and Switch places. It will appear as a maintenance message telling the user that they must log back in. This will feed the perpetrator the victim's account information. Administrators will never send maintenance inside of a ROBLOX game window, and should be avoided.
- Malware: The perpetrator will direct users to a link that downloads an executable program (.exe) onto the user's computer. When executed, the program will inject malicious code into the system to gain information and provide complete control of the user's desktop. This not only compromises a user's ROBLOX account but their entire computer. This can include banking information, several passwords, and document information. Antivirus programs will try to quarantine the executable program a user has downloaded, such as Malwarebytes. Users should never download files (especially .exe files) which are from unknown sources and not from official sources (Ex. ROBLOX Administrators).
- .ROBLOSECURITY Scam: The perpetrator convinces an user that the ROBLOSECURITY cookie must be given to them. Read this article for more information on the .ROBLOSECURITY cookie.
- AuthTicket Scam: Similar to the .ROBLOSECURITY scam, the perpetrator gains access to a user's AuthTicket, required to join games and authenticate your user. If they were to get this, they could join games under your username with a simple batch command and complete in-game purchases without your knowledge, and many other things. ROBLOX+, a Google Chrome extension, warns you when you input the AuthTicket link. You are able to see this warning or view your AuthTicket here. This was branded into some phishing websites as well, not requiring a password.
- Fake Websites: Fake websites have a login form and a domain name that looks very realistic, but is fake, and claims to give a fake ROBUX/BC reward that needs to be posted on several games. This just steals a user's log-in information and promote the scam.
- Fake Google Chrome Extensions: Google Chrome is the world's most popular browser, leading to ROBLOX's most popular extension, ROBLOX+. After ROBLOX disabled comments on games and items, attackers are now creating fake extensions that look like the real thing, but after installed they steal your .ROBLOSECURITY cookie, your AuthTicket, and the extension will post the info to a web server or private chat channel. The way to not fall for this scam is to not install the wrong extension in the Chrome Webstore. Check the ratings and downloaded to ensure it's legitimate and not malware.
When directed to a phishing site, extension, etc., ROBLOX+ will usually send a desktop notification saying "1 tab closed for malicious content" or something of that nature, and the tab with the phishing URL will be closed.
- Main article: Teleport Places
Teleport places are a type of scam where victims are teleported to another place to gain place visits and formerly Tickets, supposedly to be cashed out for ROBUX. This does not harm one's account, but is believed to make it look like the place where players are teleported to is the actual place itself. Some places will also use a custom teleport GUI and a black overlay to make it look like the place is still loading.
- When buying catalog items, users are encouraged to look for [ Content Deleted ] in the item's description. [ Content Deleted ] is an indicator that the item has violated ROBLOX's Terms of Service.
- If no users have bought a VIP shirt, users are advised to avoid purchasing it until more users have done so.
- Avoid links that lead to sites other than ROBLOX, YouTube, Twitter, or Twitch. This includes shortened links (TinyURL, bitly, etc). Follow off-site links with caution and avoid any suspicious sites and links.
- While buying a VIP t-shirt, users should check to see if the creator of the place has allowed the selling of this t-shirt. For example, there are many fraudulent versions of VIP for the game "Catalog Heaven" although the only legitimate versions of the VIP are sold by Seranok (previously by Merely).
- If the item's comments are not disabled, read them to see if any other users say whether the place is not legitimate. Note, though, that the perpetrator may have made alternative accounts (or hacked into others) to promote said scam, so check for accounts that claim it's a scam.
- To prevent falling victim to portrait scams, check the scammer's inventory for any stolen artwork. In addition, an user can check to see if the total amount of drawings in the seller's inventory is fairly close to the total number of "get drawn" assets sold; any huge discrepancies in the total number of people drawn and assets sold hints towards a portrait scam.
- Some scammers have their names listed on alternative accounts' descriptions stating they are scammers. While this is not always the case, if there are a large amount of these accounts, this is something to be wary of; try avoiding these users.
- If a user follows an off-site link that goes to a login page, do not put any information in it. The page is most likely a phishing scam.
- Avoid programs not created by the ROBLOX developers that ask for login information. Similarly, avoid downloading files (particularly .exe programs) that you do not know the source of, and never run any program with admin privileges unless you are 100% sure it's legitimate.
- Comments such as "Builderman told me how to get this reward by doing..." are scams, and no reward is given for posting those types of comments.
- Avoid "free" Builders Club and ROBUX comments; ROBLOX does not promote any free paid services.
- Avoid places that claim to give free ROBUX.