On ROBLOX, a scam refers to an event or action in which one or more users attempt to defraud and deceive other users of their virtual currency, items, or accounts by pretending to offer items, Builders Club membership, or other services and products that would benefit the target user. Scams have increased in number ever since the removal of tickets.
Virtual currency scams
The following are common scams that involve the virtual currency, ROBUX. Often the victims loses substantial amounts of ROBUX, although the ROBUX may be recovered by contacting firstname.lastname@example.org.
- "Admin" Scams: The perpetrator publishes a t-shirt with a name such as "Admin for Reason 2 Die" or "Mod for Twisted Murderer". Often sold for a low price, these t-shirts advertise some kind of privilege or service in a popular game. These shirts do not follow through with their advertised service. This has since disappeared due to the advent of the Game Pass, which eliminated the need for game creators to distribute additional game privileges through VIP shirts.
- Classic Defrauding: The perpetrator advertises a service or product for a fixed fee, usually sold on T-Shirts.
- Drawn Portrait Scam: A common example of defrauding, the perpetrator runs a series of advertisements on the site and advertises that the victim can be drawn for a fixed fee. Once the victim purchases the item, the perpetrator refuses to follow through with the drawing and may block the victim to prevent further contact
- Fake Game Passes: The perpetrator sells a game pass that advertises special in-game features for the player. No additional features are given once a user purchases a game pass.
- Copied Clothing: The perpetrator steals popular clothing sold for low price, adds "ORIGINAL" or "90% OFF" to name and sells it for higher price. Many new players fall for this, making original shirt get less sales and the perpetrator more ROBUX.
- Game-Pass Scam: The perpretator sells gamepasses for incredibly expensive prices in a game. But when the player quits the game, or resets their character while playing. They lose what they pay for and have to pay for the gamepass again to get the item back. This is often found in Bait and Switch games.
- Click Me Scam: A bunch of generic people just called "ClickMe" or "DontClickMe" send you friend requests and follow you, but they are spam accounts that will lead you to a false website where you'll get scammed.
- /E scams: A group of perpetrators will post the in comment section of a game pass '/e free' or '/e sold' hoping to get it for free. However this is a scam and will only make the perpetrator look idiotic unless the perpetrator buys the game pass first.
2016-2017 Bot Crisis scam
During the years of 2016 and more important 2017, the great bot crisis was caused by masses upon masses of bots swarming the roblox forums and being used as friend request scams, this causes mass panic. And very sloppy updates from RBXDev who got extreme hate towards them and even more hate towards roblox itself, resulting in a petition with over ten thousand signatures to revert an update that was ineffective in stopping the bot advance through the forums. Players will put their ROBLOX password into scam websites, giving people the account and being able to turn the account into a spam bot.
Users should contact
email@example.com if they are scammed. They should include evidence, or ROBLOX can't refund them. Such evidence can be in the form of a screenshot and the scammer's username; it is recommended to screenshot any purchases that seem sketchy or risky.
This act takes place when a user initiates a service or product, and in-turn leads to malicious results. The most harmful scams and attacks are phishing scams, and depending on the severity, one can lose access to their entire computer if they are not cautious enough. These scams may lead to a release of personal or sensitive information.
These scams do variable damage, ranging from losing ROBUX to becoming a victim of malware. It is always recommended to never fall for these scams.
- Login info via ROBLOX messages: The scammer messages a user and asks his/her username and password in return for ROBUX or services, such as Builders Club. This can result in account loss. In 2016, the scam became more common and heavily targeted by sending a message to the player while playing a front page game.
- Login info via friend request: The scammer follows and sends a friend request to the user with usernames that persuades the user to click on his/her profile. The perpetrator's profile description contains an offsite link that will prompt the victim to input his/her login information, usually for a reward of Builders Club or ROBUX. This scam is more effective than ROBLOX messages alone since people can limit the people who can message to him/her.
- Login info via survey: The scammer leaves comments asking for users to participate in a survey to get a special offer from ROBLOX. This will expose their username to the scammer and therefore lose their account.
- Login info via E-Mail: The scammer leaves comments asking for users to give account information to an email address, listing false reasons that seem convincing to a newbie ROBLOX user. A variant exists in comments.
- Login info via "Exploits": The scammer leaves comments directing users to a link that gives an exploit tool for the ROBLOX client, which will then ask for login info.
- Login info via ingame GUIs: Using customized GUIs, the player might be tricked into thinking it is real and put in the login info for the player's account for an exchange or prize. This may include ROBUX, free BC, etc. After you enter ANY information, it will ban you from the scam game forever and steal your account within a few hours.
- Fake maintenance message: Appearing in places, this type of phishing scam commonly appears in Bait and Switch places. It appears as a maintenance message telling the user that they must log back in. Doing so feeds the perpetrator the victim's account information. Administrators will never send maintenance inside of a ROBLOX game window.
- Malware: The perpetrator directs users to a link that downloads an executable program (.exe) onto the user's computer. When executed, the program injects malicious code into the system to gain information and provide complete control of the user's desktop. This not only compromises a user's ROBLOX account but their entire computer. This can include banking information, several passwords, and document information. Antivirus programs try to quarantine the executable program a user has downloaded, such as Avast, Bitdefender and others. Users should never download files (especially .exe files) which are from unknown sources and not from official sources (Ex. ROBLOX Administrators).
- .ROBLOSECURITY Scam: The perpetrator convinces an user that the ROBLOSECURITY cookie must be given to them. Read this article for more information on the .ROBLOSECURITY cookie.
- AuthTicket Scam: Similar to the .ROBLOSECURITY scam, the perpetrator gains access to a user's AuthTicket, required to join games and authenticate your user. If they were to get this, they could join games under your username with a simple batch command and complete in-game purchases without your knowledge, and many other things. ROBLOX+, a Google Chrome extension, warns you when you input the AuthTicket link. You are able to see this warning or view your AuthTicket here. This was branded into some phishing websites as well, not requiring a password.
- Fake Websites: Fake websites have a login form and a domain name that looks very realistic, but is fake, and claims to give a fake ROBUX/BC reward that needs to be posted on several games. This just steals a user's log-in information and promote the scam.
- Fake Google Chrome Extensions: After ROBLOX disabled comments on games and items, attackers are now creating fake extensions that look like the real thing, but after installed they steal your .ROBLOSECURITY cookie, your AuthTicket, and the extension will post the info to a web server or private chat channel. The way to not fall for this scam is to not install the wrong extension in the Chrome Webstore. Check the ratings and downloaded to ensure it's legitimate and not malware.
- Malware Techniques: Some pieces of malware that target ROBLOX replace your RobloxPlayerLauncher executable with a fake one that logs all user details when you join a game. It is recommended to reinstall ROBLOX or remove/replace the fake launcher with a legit one if you get infected by this type of malware.
When directed to a phishing site, extension, etc., ROBLOX+ will usually send a desktop notification saying "1 tab closed for malicious content" or something of that nature, and the tab with the phishing URL will be closed.
- Main article: Teleport Places
Teleport places are a type of scam where victims are teleported to another place to gain place visits and formerly Tickets, supposedly to be cashed out for ROBUX. This does not harm one's account, but is believed to make it look like the place where players are teleported to is the actual place itself. Some places will also use a custom teleport GUI and a black overlay to make it look like the place is still loading.
- When buying catalog items, users are encouraged to look for [ Content Deleted ] in the item's description. [ Content Deleted ] is an indicator that the item has violated ROBLOX's Terms of Service.
- If no users have bought a VIP shirt, users are advised to avoid purchasing it until more users have done so.
- Avoid links that lead to sites other than ROBLOX, YouTube, Twitter, or Twitch. This includes shortened links (TinyURL, bitly, etc). Follow off-site links with caution and avoid any suspicious sites and links.
- While buying a VIP t-shirt, users should check to see if the creator of the place has allowed the selling of this t-shirt. For example, there are many fraudulent versions of VIP for the game "Catalog Heaven" although the only legitimate versions of the VIP are sold by Seranok (previously by Merely).
- If the item's comments are not disabled, read them to see if any other users say whether the place is not legitimate. Note, though, that the perpetrator may have made alternative accounts (or hacked into others) to promote said scam, so check for accounts that claim it's a scam.
- To prevent falling victim to portrait scams, check the scammer's inventory for any stolen artwork. In addition, an user can check to see if the total amount of drawings in the seller's inventory is fairly close to the total number of "get drawn" assets sold; any huge discrepancies in the total number of people drawn and assets sold hints towards a portrait scam.
- Some scammers have their names listed on alternative accounts' descriptions stating they are scammers. While this is not always the case, if there are a large amount of these accounts, this is something to be wary of; try avoiding these users.
- If a user follows an off-site link that goes to a login page, do not put any information in it. The page is most likely a phishing scam.
- Avoid programs not created by the ROBLOX developers that ask for login information. Similarly, avoid downloading files (particularly .exe programs) that you do not know the source of, and never run any program with admin privileges unless you are 100% sure it's legitimate.
- Comments such as "Builderman told me how to get this reward by doing..." are scams, and no reward is given for posting those types of comments.
- Avoid "free" Builders Club and ROBUX comments; ROBLOX does not promote any free paid services.
- Avoid places that claim to give free ROBUX.
- Don't accept friend requests from users with the words 'ClickMe', 'DontClickMe', 'ReadMyDesc', and 'ReadMyProfile' in their names. If you do, they will send you messages that have links to phishing sites.
- Avoid YouTube videos that ask you to subscribe in order to get free ROBUX. These are always fake, and often are just made to get subscribers.
- Avoid reading messages stating that You appeared in a famous video that the user had "created", this is fake, the "videos" are links to harmful websites that are coded with malware
- If a "noob" (Fresh made account with the basic account clothing) tries to add you a friend request, do not add them unless you absolutely know the person. Check their profile to see how many friends they have. If they have 0, then don't add them. Make sure to check their About. If it says, Ex: I'm a girl and I love playing Roblox and I'm looking to make friends :), then its a fake. They are just trying to trick you.
To prevent scammers from scamming
If you wish to prevent a scammer from posting scams, there's some tips:
- Report the scam.
- Tell him/her to stop scamming, if he/she didn't listen/ignore your advice, report him/her.
- If you're a creator of a group, and you saw a scam on your group's group message wall, either exile him/her or delete the comment.
- Email ROBLOX at firstname.lastname@example.org concerning the scam, this assures that ROBLOX acknowledges the scam.