A scam is an attempt to trick a person into giving away their valuables and/or personal information to the perpetrator, for a purpose that is harmful to the victim. Scamming is unfortunately very common and problematic on Roblox, and players are advised to use the "Report Abuse" function in order to report any scams they come across.
A hoax should not be confused with a scam: a hoax also involves tricking people, but not in order to cause any damage.
Roblox has attempted to stop the most common scams by disabling comments on games, badges and game passes. Developers can still enable/disable comments on decals, and shirts/T-shirts/pants.
Types of scams
The following are common scams that involve Robux, via some form of on-site transaction, although they do not involve any phishing. These types of scams often cause the victim to lose substantial amounts of Robux, although the Robux may be recovered by contacting
- Classic defrauding: The perpetrator advertises a service or product for a fixed fee, usually sold through T-shirts.
- Admin scams: The perpetrator publishes a T-shirt with a name such as "Admin for Reason 2 Die" or "Mod for Twisted Murderer". Often sold for a low price (rarely higher than 500 Robux), these T-shirts advertise some kind of privilege or service in a popular game. These shirts do not follow through with their advertised service. This trend has since declined due to the release of the Game Pass system, which eliminated the need for game creators to distribute additional game privileges through VIP T-shirts.
- Drawn portrait scam: A common example of defrauding, the perpetrator runs a series of advertisements on the site and advertises that the victim can "get drawn" for a fixed fee, through the purchase of an item. Once the victim purchases the item, the perpetrator refuses to follow through with the drawing and may block the victim to prevent further contact. Many of these items have since been deleted by moderators, although some can still be found on the website. This scam has since dwindled as moderators continue to remove these items from the catalog.
- Fake game passes: The perpetrator sells a game pass that advertises special in-game features for the player. However, the promised features are not given once a user purchases the game pass.
- Copied clothing: The perpetrator steals popular clothing sold for a low price, adds "ORIGINAL" or "90% OFF" to the name and sells it for a higher price. Many newer users will fall for this, consequently causing the original item to get fewer sales while the perpetrator earns Robux from their stolen item.
- Gamepass scam: The perpetrator sells game passes for incredibly high prices. When the player quits the game or resets their character while playing, they lose what they paid for and have to pay again for the items. This is commonly found in bait and switch games.
- "Invisible" shirt scam: A user publishes an advertisement that claims a certain piece of clothing will cause the player's avatar to become invisible. The clothing is instead simply transparent, which does not create an invisible avatar. If no preview is seen in the catalog for the item, the perpetrator may claim that the image is "broken" when in reality the image has been rejected by moderators.
- In-game GUI scams: A GUI will pop up on the player's screen and tell them to click as many times as possible in order to beat a high score. While the player is rapidly clicking, they do not see that they are actually purchasing multiple items from the perpetrator.
- Save 10% scam: The perpetrator will tell players to visit their game, claiming that purchasing any item from their game will save the player 10%. However, buying from those games will in fact give the owner of the game, the perpetrator, 10% of the price, and you will still have to pay the full price.
- Color-changing shirt scam: A user publishes a piece of clothing and claims that it is a GIF that changes color in any game. However, the clothing is simply nothing, which is why it doesn't load online. A video claiming that the clothing works was edited using a green screen, and some errors can be seen at some moments. This scam should not be confused with clothing that is partially transparent and changes color based on the avatar's skin color.
These scams take place when a user gives their sensitive information to a seemingly-legitimate service, only to receive malicious results. The damage ranges from losing Robux to account compromise to malware infecting the computer. Phishing scams are very common and are often targeted at new or young users who have made purchases on their account, as Robux and Builders Club are desired by many players but cost money that they may not want to spend.
Phishing scams have been prevalent since the removal of Tix, taking the form of "scambots" that clutter comments, messages, or chat with messages leading to the phishing site, and of Front Page games that are filled with scambots and do the same luring. It is unknown who is behind the scambots at this moment.
If Roblox+ is installed, when directed to a known phishing site, extension, etc., the extension will automatically close the tab with the phishing URL.
- Login info via Roblox messages: The scammer messages a user and asks for his/her username and password in return for Robux or services, such as Builders Club. This can result in account loss. In 2016, this scam became more common and was often done by sending a message to the player while playing a front page game. After the victim is scammed, the victim's account is then used by the scammer to scam others.
- Fearmongering: The scammer messages a user and asks them if they are the rightful owner of their account, citing an apparent increase in the user's account value and claiming they have already messaged another user who failed to provide 'proof' and had their account terminated. If the user ends up giving an explanation, the scammer will ask them to contact them on an offsite program or URL after which the end result would be the victim's account being phished or hijacked, usually because the scammer asks the victim to send an image of their password reset email with the link shown or is asked to use Inspect Element in order to extract their .ROBLOSECURITY cookie and send it to the scammer. This scam is mainly aimed at those who have a high average value of limited items in their account, and is becoming more and more prevalent in recent times.
- Login info via friend request: The scammer follows and sends a friend request to the user with a username that persuades the user to click on his/her profile. The perpetrator's profile description contains an offsite link that will prompt the victim to input his/her login information, usually for a 'reward' of Builders Club or Roblox. This scam is more effective than Roblox messages alone since users can limit the number of people who can message them.
- Login info via email: The scammer leaves comments asking for users to give account information to an email address, listing false reasons that can seem convincing to a newbie Roblox user.
- Login info via exploits: The scammer leaves comments directing users to a link that gives an exploit tool for the Roblox client, which will then ask for login info.
- Click Me Scam: ClickMe and DontClickMe accounts are a group of spam bots that are programmed to send friend requests and follow users in order to immediately send messages about sites that award the player Robux. In reality, those websites are phishing scams or contain malware. The players that created these spam bot accounts were never identified, though they might be experienced hackers, given the immense number of ClickMe and DontClickMe accounts that have been produced. Since mid-2017, this scam has been on the decline.
- Login info via in-game GUIs: Using customized GUIs, a player might be tricked into thinking the "login page" is legitimate and enter the login info for their account in exchange for a 'prize'. This may include Robux, free Builders Club, etc. After you enter your information, it may ban you from the game and your login credentials will be sent to a private chat via a Discord webhook.
- Fake maintenance message: Appearing in places, this type of phishing scam commonly appears in bait and switch places. It appears as a maintenance message telling the user that they must log back in. Doing so gives the perpetrator the victim's account information. Roblox Administrators will never send maintenance notices inside of a Roblox game window.
- Malicious programs: The perpetrator directs users to a link that downloads an executable program (.exe), often advertised as "hacks" or "exploits" onto the user's computer. When executed, the program injects malicious code into the system to gain information and provide complete control of the user's desktop. This not only compromises a user's Roblox account but their entire computer. This can include banking information, several passwords, and document information. Antivirus programs such as Avast, Bitdefender and others will try to quarantine the executable program a user has downloaded. Users should never download files (especially .exe files) from unknown sources.
- Recent executable files have also been known to log .ROBLOSECURITY cookies. Because the program only takes cookies and directs them towards a webhook, antivirus applications fail to find its intentions malicious, resulting in accounts being stolen and sold frequently.
- .ROBLOSECURITY scam: The perpetrator convinces a user that the ROBLOSECURITY cookie must be given to them. Read this article for more information on the .ROBLOSECURITY cookie.
- AuthTicket scam: Similar to the .ROBLOSECURITY scam, the perpetrator gains access to a user's AuthTicket, required to join games and authenticate your user. If they were to get this, they could join games under a player's username with a simple batch command and buy in-game purchases without their knowledge. ROBLOX+, a Google Chrome extension, warns players when they input the AuthTicket link.
- Fake websites: These fake websites have a login form and a domain name that looks very realistic but is fake and claims to give a fake reward that needs to be posted on several games. This just steals a user's log-in information and promotes the scam using the stolen account.
- Fake Google Chrome extensions: After Roblox disabled comments on games and items, attackers created fake extensions that look legitimate, but after it is installed they steal a player's .ROBLOSECURITY cookie and their AuthTicket, and the extension will post the info to a web server or private chat channel.
- Botted Roblox Places: A Roblox place that tells the user to go to an offsite link that claims to give out free Robux/BC, botted with thousands of bot accounts in order to get the game on the front page, and sometimes with botted likes. These games are usually taken down very quickly.
- Survey Scams: These scams lead to a site which promises free Robux or Builders Club, but the user must take online surveys in order to get them. Neither Robux nor Builders Club is given and the user still has to keep taking surveys, wasting time. Fortunately, unless the site asks for account information, this type of scam does not often cause long-lasting damage. However, scammers still earn money when a survey is taken, and the victim may be flooded with spam emails relating to the survey.
- Roblox-related advertisements: These advertisements promise things such as free Robux or Builders Club. They may redirect to another YouTube channel or a phishing site.
- Inspect Element: Many YouTubers might use Inspect Element to make it appear like they are manipulating the Roblox website when they are not. The person may encourage players to give them Robux or account information in order to learn how to "exploit" the Roblox client.
- Bot uploads: These users create loads of YouTube bots to mass produce videos of a user going to a scam site on an iPhone. These videos also steal titles and have thumbnails from popular Roblox YouTubers. Many have no views, so this is ineffective.
- In-game scam: A bot/user randomly visits a game and says that you can get free Robux/gamepasses by visiting a website. After a few seconds, they leave the game and move on to another server/game.
These scams don't directly harm the victim in any way, other than wasting their time.
- Teleport places: Teleport places are a type of scam where victims are teleported to another place to gain place visits and formerly Tickets, supposedly to be cashed out for Robux. This does not harm one's account, but is believed to make it look like the place where players are teleported to is the actual place itself. Some places will also use a custom teleport GUI and a black overlay to make it look like the place is still loading.
- Livestreams: Fake YouTube livestreams are set up and promise listeners free Robux. The live stream might have bots as moderators and people listening to attract more viewers and might loop fake videos of them giving Robux out to someone. In some instances they may include links to harmful websites. Also, they sometimes have a word filter which mutes anyone who says that the livestream is fake.
If a player is scammed
Users should contact email@example.com if they find their valuables to be gone and suspect they have been scammed. They should include evidence, or Roblox can't refund them. Such evidence can be in the form of a screenshot and the scammer's username; it is recommended to screenshot any purchases that seem suspicious.
If a user suspects they have given their password to a phishing site, they must immediately change their password, log out of other sessions, and enable 2-step verification for extra protection. If a user has downloaded phishing software, they must uninstall the software immediately, erase any cookie loggers, run a full antivirus scan, change their password, and create a new .ROBLOSECURITY cookie.
- Avoid gamepasses in bait and switch games. They are mostly gamepasses that last until you reset or leave the game, which will try to get you to waste a lot of money on the game.
- When buying shirts, pants or T-shirts, users are encouraged to look for [ Content Deleted ] in the item's description. This is an indicator that the item has violated Roblox's Terms of Service, so it is best to avoid buying those.
- If few or no users have bought a VIP shirt or a gamepass, users are encouraged to avoid purchasing it until more users have done so.
- Avoid links that lead to sites other than Roblox. This includes shortened links (adfly, bitly, TinyURL, etc). Follow off-site links with caution and avoid any suspicious sites and links.
- Even if just going to the website doesn't cause anything malicious, it is still recommended to not visit such scam sites, as increased traffic can encourage more bots.
- If a user follows an off-site link that goes to a login page, do not put any information in it. The page is a phishing scam that features codes that seem legitimate, although many contain letters, which Roblox codes do not have.
- While buying a VIP T-shirt or similar item, users should check to see if the creator of the place has allowed the selling of the items. For example, there are many fraudulent versions of VIP for the game "Catalog Heaven" although the only legitimate versions of the VIP are sold by Seranok (previously by Merely).
- If the item's comments are not disabled, read them to see if any other users say whether the item is legitimate or not. Note that the perpetrator may have made alternate accounts (or hacked into others and turned the said accounts into spam bots) to promote the said scam, so check for accounts that claim it's a scam.
- To prevent falling victim to portrait scams, check the scammer's inventory for any stolen artwork. In addition, a user can check to see if the total amount of drawings in the seller's inventory is fairly close to the total number of "get drawn" assets sold; any huge discrepancies in the total number of people drawn and assets sold hints towards a portrait scam.
- Some scammers have their names listed on alternative accounts' descriptions stating they are scammers. While this is not always the case, if there is a large number of these accounts, this is something to be wary of; try avoiding these users.
- Avoid programs and websites not created by the Roblox developers that ask for login information. Similarly, avoid downloading files (particularly .exe programs) that you do not know the source of, and never run any program with admin privileges unless you are 100% sure it's legitimate.
- If someone asks the user to send them specific lines of code from their browser or client, they are strongly advised to not follow through as certain snippets of code can be used to get into the user’s account, such as the .ROBLOSECURITY cookie.
- Avoid "free" Builders Club and Robux comments. Roblox does not promote any free paid services.
- Avoid YouTube videos that ask players to subscribe in order to get free Robux. These are always fake and often are made to get subscribers. The same can be said for Twitter accounts who claim to do so too.
- Avoid any game that uses the name "Robux", "Robucks", or anything similar, and have the Roblox logo or the Robux icon as a picture, especially if they have more players "playing" than "visits"; these places are most likely scams.
- Use the Report Abuse buttons located throughout the site to report anyone who is scamming. It is the best way to help prevent this from happening in the future.
- Set your message preferences to friends or followers only through account privacy settings to reduce spam mail from bots.
- Turn on two step verification if you do not have it turned on already and you have an email linked with your account.
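The off-site link advice in the list above (shortened links, login pages on look-alike domains) can be checked mechanically before a link is followed. The following is an added example, not part of the original article or of any Roblox tool; it assumes roblox.com is the only official domain, uses the usual hostnames of the shorteners named above, and runs on constructed sample messages.

```python
import re
from urllib.parse import urlsplit

# Assumptions of this example (not from the article): roblox.com is the only
# official domain, and these are the hosts of the shorteners the list names.
OFFICIAL_DOMAIN = "roblox.com"
SHORTENERS = {"adf.ly", "bit.ly", "tinyurl.com"}
BRAND_WORDS = ("roblox", "robux", "robucks")
# Undo common digit-for-letter swaps and drop hyphens before brand matching.
LOOKALIKE = str.maketrans("0135", "oles", "-")
# A dotted host, optionally preceded by scheme/userinfo and followed by a path.
URL_RE = re.compile(r"(?:https?://)?[\w.@:-]+\.[a-z]{2,}(?:[/?#]\S*)?", re.I)


def classify_host(host):
    """Return 'official', 'shortener', 'lookalike' or 'offsite' for a hostname."""
    host = host.lower().rstrip(".")
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    bare = host[4:] if host.startswith("www.") else host
    if bare in SHORTENERS:
        return "shortener"  # real destination is hidden until the link is followed
    if any(word in host.translate(LOOKALIKE) for word in BRAND_WORDS):
        return "lookalike"  # brand name inside a domain that is not the official one
    return "offsite"


def scan_message(text):
    """Return (host, verdict) for every link-like token found in text."""
    findings = []
    for token in URL_RE.findall(text):
        url = token if "://" in token else "http://" + token
        # urlsplit takes the host after any 'user@' part, so a link such as
        # https://roblox.com@login.example/ is judged by login.example.
        host = urlsplit(url).hostname
        if host:
            findings.append((host, classify_host(host)))
    return findings


# Constructed sample messages; .example hosts are reserved placeholders.
SAMPLE_MESSAGES = [
    "Patch notes are at https://www.roblox.com/games/1 as usual.",
    "FREE ROBUX!! claim at r0blox-rewards.example/login",
    "verify here: https://roblox.com.account-check.example/reset",
    "go to bit.ly/xxxx for Builders Club",
    "log in via https://roblox.com@login.example/ to keep your items",
]

if __name__ == "__main__":
    for message in SAMPLE_MESSAGES:
        for host, verdict in scan_message(message):
            print(f"{verdict:10} {host}")
```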