Scams refer to an event or action in which one or more users attempt to defraud and deceive other users of their virtual currency, items, accounts, or even control of their computer (via Malware) by pretending to offer items, Builders Club membership, Robux, or other services and products that would benefit the target user. Scams have increased in number ever since the removal of tickets.
A hoax is a different concept that involves deliberate deception without the intention of gain or of materially damaging or depriving a victim.
Types of scams
Virtual currency scams
The following are common scams that involve the virtual currency, Robux. These kind of scams often cause the victim(s) to lose substantial amounts of ROBUX, although the ROBUX may be recovered by contacting email@example.com.
- Admin scams: The perpetrator publishes a t-shirt with a name such as "Admin for Reason 2 Die" or "Mod for Twisted Murderer". Often sold for a low price, these t-shirts advertise some kind of privilege or service in a popular game. These shirts do not follow through with their advertised service. This has since disappeared due to the advent of the Game Pass, which eliminated the need for game creators to distribute additional game privileges through VIP shirts.
- Classic defrauding: The perpetrator advertises a service or product for a fixed fee, usually sold on t-shirts.
- Drawn portrait scam: A common example of defrauding, the perpetrator runs a series of advertisements on the site and advertises that the victim can be drawn for a fixed fee. Once the victim purchases the item, the perpetrator refuses to follow through with the drawing and may block the victim to prevent further contact.
- Fake game passes: The perpetrator sells a game pass that advertises special in-game features for the player. No additional features are given one a user purchases a game pass.
- Copied clothing: The perpetrator steals popular clothing sold for a low price, adds "ORIGINAL" or "90% OFF" to the name and sells it for a higher price. Many new players fall for this, making the original shirt get fewer sales and the perpetrator earns more ROBUX.
- Gamepass scam: The perpetrator sells game passes for incredibly expensive prices in a game. When the player quits the game or resets their character while playing, they lose what they pay for and have to pay for the game pass again to get the item back. This is often found in bait and switch games.
- "Invisible" shirt scam: A user publishes an advertisement that claims a certain shirt or pants will cause the player's avatar to become invisible. The clothing is instead transparent, which does not create an invisible avatar. If no preview is seen in the catalogue for the item, the perpetrator might claim that the image is "broken" instead of it actually being rejected by the image moderators.
- Click Me Scam: ClickMe and DontClickMe accounts are a group of spam bots that are programmed to send you friend requests and follow you then immediately message you about a website that awards the player robux but in reality, those websites are scams or viruses. The website URL changes most of the time. The players that have created those accounts were never identified, though they might be heavily experienced hackers due to the severely large amount of ClickMe and DontClickMe accounts that the unknown hackers have produced, however, since mid-2017, almost all of these accounts have been terminated.
- In-game GUI scams: A GUI pops up on the player's screen and tells them to click as many times as possible in order to beat a high score. While the player is rapidly clicking, they do not see that they are actually purchasing something from the game.
These scams take place when a user initiates a service or product which in-turn leads to malicious results. Depending on the severity, the user can lose access to their computer if they are not cautious enough. Some phishing scams may also lead to "doxxing", where the user's personal or sensitive information is published online.
These scams do various kinds of damage, ranging from losing ROBUX to becoming a victim of malware. It is always recommended to never fall for these scams.
- Login info via ROBLOX messages: The scammer messages a user and asks for his/her username and password in return for ROBUX or services, such as Builders Club. This can result in account loss. In 2016, this scam became more common and was often done by sending a message to the player while playing a front page game.
- Login info via friend request: The scammer follows and sends a friend request to the user with usernames that persuades the user to click on his/her profile. The perpetrator's profile description contains an offsite link that will prompt the victim to input his/her login information, usually for a reward of Builders Club or ROBUX. This scam is more effective than ROBLOX messages alone since people can limit the people who can message to him/her.
- Login info via survey: The scammer leaves comments asking for users to participate in a survey to get a special offer from ROBLOX. This will expose their username to the scammer and therefore lose their account.
- Login info via email: The scammer leaves comments asking for users to give account information to an email address, listing false reasons that seem convincing to a newbie ROBLOX user.
- Login info via exploits: The scammer leaves comments directing users to a link that gives an exploit tool for the ROBLOX client, which will then ask for login info.
- Login info via in-game GUIs: Using customized GUIs, a player might be tricked into thinking the "login page" is real and enter the login info for their account in exchange for a prize. This may include ROBUX, free Builders Club, etc. After you enter your information, it may ban you from the game and your login credentials will be sent to a private chat via a discord webhook.
- Fake maintenance message: Appearing in places, this type of phishing scam commonly appears in bait and switch places. It appears as a maintenance message telling the user that they must log back in. Doing so gives the perpetrator the victim's account information. Administrators will never send maintenance inside of a ROBLOX game window.
- Malware: The perpetrator directs users to a link that downloads an executable program (.exe) onto the user's computer. When executed, the program injects malicious code into the system to gain information and provide complete control of the user's desktop. This not only compromises a user's ROBLOX account but their entire computer. This can include banking information, several passwords, and document information. Antivirus programs try to quarantine the executable program a user has downloaded, such as Avast, Bitdefender and others. Users should never download files (especially .exe files) which are from unknown sources and not from official sources (Ex. ROBLOX Administrators).
- .ROBLOSECURITY scam: The perpetrator convinces a user that the ROBLOSECURITY cookie must be given to them. Read this article for more information on the .ROBLOSECURITY cookie.
- AuthTicket scam: Similar to the .ROBLOSECURITY scam, the perpetrator gains access to a user's AuthTicket, required to join games and authenticate your user. If they were to get this, they could join games under a player's username with a simple batch command and buy in-game purchases without their knowledge. ROBLOX+, a Google Chrome extension, warns players when they input the AuthTicket link.
- Fake websites: These fake websites have a login form and a domain name that looks very realistic but is fake and claims to give a fake ROBUX/BC reward that needs to be posted on several games. This just steals a user's log-in information and promote the scam.
- Fake Google Chrome extensions: After ROBLOX disabled comments on games and items, attackers are now creating fake extensions that look like the real thing, but after installed they steal a player's .ROBLOSECURITY cookie and their AuthTicket, and the extension will post the info to a web server or private chat channel. The way to not fall for this scam is to not install the wrong extension in the Chrome Webstore. Check the ratings and reviews to ensure it's legitimate and not malware.
- Malicious programs: Recently, along with the new extension scam, executable files advertised as "hacks" or exploits have also been known to log .ROBLOSECURITY cookies. Because the program only takes cookies and directs them towards a webhook, antivirus applications fail to find its intentions malicious; resulting in accounts being stolen and sold frequently.
- Malware techniques: Some pieces of malware that target ROBLOX replace a player's RobloxPlayerLauncher executable with a fake one that logs all user details when they join a game. It is recommended to reinstall ROBLOX or remove/replace the fake launcher with a legit one if a player gets infected by this type of malware.
When directed to a phishing site, extension, etc., ROBLOX+ will usually send a desktop notification saying "1 tab closed for malicious content" or something of that nature, and the tab with the phishing URL will be closed.
- Main article: Teleport Places
Teleport places are a type of scam where victims are teleported to another place to gain place visits and formerly Tickets, supposedly to be cashed out for Robux. This does not harm one's account, but is believed to make it look like the place where players are teleported to is the actual place itself. Some places will also use a custom teleport GUI and a black overlay to make it look like the place is still loading.
These scams are done on YouTube. Like with scams on Roblox, a player may lose their Robux, their Roblox account, or computer data.
- Livestreams: Fake live streams are set up and promise listeners free Robux. The live stream might have bots as moderators and people listening to attract more viewers and might loop fake videos of them giving Robux out to someone
- Roblox-related advertisements: These advertisements promise things such as free Robux or Builders Club. They may redirect to another YouTube channel or a phishing site.
- Inspect Element: Many YouTubers might use Inspect Element to make it appear like they are manipulating the Roblox website when they are not. The person may encourage players to give them Robux or account information in order to learn how to "exploit" the Roblox client.
- Bot uploads: These users create loads of YouTube bots to mass produce videos of users going to scam sites on an iPhone. These videos also steal titles and have thumbnails from popular Roblox YouTubers. Many have no views, so this is ineffective.
If a player is scammed
Users should contact
firstname.lastname@example.org if they suspect they have been scammed. They should include evidence, or ROBLOX can't refund them. Such evidence can be in the form of a screenshot and the scammer's username; it is recommended to screenshot any purchases that seem sketchy or risky.
- Avoid playing games that promise free Robux. Do not participate in clicker/free robux games as a player may lose Robux in a hidden transaction during the game.
- When buying catalogue items, users are encouraged to look for [ Content Deleted ] in the item's description. [ Content Deleted ] is an indicator that the item has violated ROBLOX's Terms of Service. Try to avoid buying them.
- If no users have bought a VIP shirt, users are advised to avoid purchasing it until more users have done so.
- Avoid links that lead to sites other than ROBLOX, YouTube, Twitter, or Twitch. This includes shortened links (TinyURL, bitly, etc). Follow off-site links with caution and avoid any suspicious sites and links.
- While buying a VIP T-shirt, users should check to see if the creator of the place has allowed the selling of this t-shirt. For example, there are many fraudulent versions of VIP for the game "Catalog Heaven" although the only legitimate versions of the VIP are sold by Seranok (previously by Merely).
- If the item's comments are not disabled, read them to see if any other users say whether the place is not legitimate. Note, though, that the perpetrator may have made alternative accounts (or hacked into others and turned the said accounts into spam bots) to promote the said scam, so check for accounts that claim it's a scam.
- To prevent falling victim to portrait scams, check the scammer's inventory for any stolen artwork. In addition, a user can check to see if the total amount of drawings in the seller's inventory is fairly close to the total number of "get drawn" assets sold; any huge discrepancies in the total number of people drawn and assets sold hints towards a portrait scam.
- Some scammers have their names listed on alternative accounts' descriptions stating they are scammers. While this is not always the case, if there are a large amount of these accounts, this is something to be wary of; try avoiding these users.
- If a user follows an off-site link that goes to a login page, do not put any information in it. The page is most likely a phishing scam most scams include codes that look real. But if they have letters with numbers. Just ignore it's fake. ROBLOX gift card codes never contain letters.
- Avoid programs not created by the ROBLOX developers that ask for login information. Similarly, avoid downloading files (particularly .exe programs) that you do not know the source of, and never run any program with admin privileges unless you are 100% sure it's legitimate.
- Comments such as "Builderman told me how to get this reward by doing..." are scams, and no reward is given for posting those types of comments.
- Avoid "free" Builders Club and ROBUX comments; ROBLOX does not promote any free paid services.
- Avoid YouTube videos that ask players to subscribe in order to get free ROBUX. These are always fake and often are made to get subscribers.
- Use the Report Abuse buttons located throughout the site to report anyone who is scamming. It is the best way to help prevent this from happening in the future.
- Contact email@example.com to report scams.