Scams refer to an event or action in which one or more users attempt to defraud and deceive other users of their virtual currency, items, accounts, or even control of their computer (via Malware) by pretending to offer items, Builders Club membership, Robux, or other services and products that would benefit the target user. Scams have increased in number ever since the removal of tickets.
Virtual currency scams
The following are common scams that involve the virtual currency, Robux. Often the victims loses substantial amounts of ROBUX, although the ROBUX may be recovered by contacting firstname.lastname@example.org.
- "Admin" Scams: The perpetrator publishes a t-shirt with a name such as "Admin for Reason 2 Die" or "Mod for Twisted Murderer". Often sold for a low price, these t-shirts advertise some kind of privilege or service in a popular game. These shirts do not follow through with their advertised service. This has since disappeared due to the advent of the Game Pass, which eliminated the need for game creators to distribute additional game privileges through VIP shirts.
- Classic Defrauding: The perpetrator advertises a service or product for a fixed fee, usually sold on T-Shirts.
- Drawn Portrait Scam: A common example of defrauding, the perpetrator runs a series of advertisements on the site and advertises that the victim can be drawn for a fixed fee. Once the victim purchases the item, the perpetrator refuses to follow through with the drawing and may block the victim to prevent further contact
- Fake Game Passes: The perpetrator sells a game pass that advertises special in-game features for the player. No additional features are given once a user purchases a game pass.
- Copied Clothing: The perpetrator steals popular clothing sold for low price, adds "ORIGINAL" or "90% OFF" to name and sells it for higher price. Many new players fall for this, making original shirt get less sales and the perpetrator more ROBUX.
- Game-Pass Scam: The perpretator sells gamepasses for incredibly expensive prices in a game. But when the player quits the game, or resets their character while playing. They lose what they pay for and have to pay for the gamepass again to get the item back. This is often found in Bait and Switch games.
- Click Me Scam: A bunch of generic people just called "ClickMe" or "DontClickMe" send you friend requests and follow you, but they are spam accounts that will lead you to a false website where you'll get scammed.
- "Invisible" Shirt Scam: This is a scam that is seen commonly, how it works is that some users will post an ad of a character with no torso or legs, and claim that it's a "invisible" shirt or pants. They then say that it's on sale for a limited time, and they claim that the reason it has the picture of the ripped paper is because it's invisible and it's image cannot register. These are fake and don't make your character invisible, it just makes it look like you're not wearing a shirt or pants.
2013 swarm attack
The 2013 swarm attack was when a bunch of PGed users (and some bots) started flooding comments on catalog items with different messages to the same sites, one example:
ROBLOX is celebrating Buildermans birthday by giving everyone 500,000 ROBUX who completes a quick survey! Go to RobloxRewards#.org (Remove the #)
All of the users that participated in the attack got terminated. As of 2017, the site is up for sale.
2017 Group Wall Scam
Upon mid-2017, the Group Wall Scam was caused by random spam bots spamming unique and different messages saying they got ROBUX from a ROBUX site (which is clearly a scam). The messages are different and even though they said they got ROBUX, they are the typical looking avatars you get when creating a male account for the first time, This scam also affected the comment sections of various badges. Earlier in 2017, the bots were posting messages that led to a YouTube video. (i.e. video exposing owner). Some players even think these bots are connected to the Bot Crisis Scam of 2016-2017. The users that caused this event have never been identified as there are currently no suspects as of today.
2016-2017 Bot Crisis scam
During the years of 2016 and 2017, the great bot crisis was caused by masses upon masses of bots swarming the roblox forums and being used as friend request scams, this causes mass panic. And very sloppy updates from RBXDev who got extreme hate towards them and even more hate towards ROBLOX itself, resulting in a petition with over ten thousand signatures to revert an update that was ineffective in stopping the bot advance through the forums. Players will put their ROBLOX password into scam websites, giving people the account and being able to turn the account into a spam bot. Like the 2017 Group Wall Scam, the users that caused this event have never been identified as there are currently no suspects as of today, but they're likely the same users that caused the 2017 Group Wall Scam. Some people think the clickbait Youtuber Kazok was behind this.
Users should contact
email@example.com if they are scammed. They should include evidence, or ROBLOX can't refund them. Such evidence can be in the form of a screenshot and the scammer's username; it is recommended to screenshot any purchases that seem sketchy or risky.
This act takes place when a user initiates a service or product, and in-turn leads to malicious results. The most harmful scams and attacks are phishing scams, and depending on the severity, one can lose access to their entire computer if they are not cautious enough. These scams may lead to a release of personal or sensitive information.
These scams do variable damage, ranging from losing ROBUX to becoming a victim of malware. It is always recommended to never fall for these scams.
- Login info via ROBLOX messages: The scammer messages a user and asks his/her username and password in return for ROBUX or services, such as Builders Club. This can result in account loss. In 2016, the scam became more common and heavily targeted by sending a message to the player while playing a front page game.
- Login info via friend request: The scammer follows and sends a friend request to the user with usernames that persuades the user to click on his/her profile. The perpetrator's profile description contains an offsite link that will prompt the victim to input his/her login information, usually for a reward of Builders Club or ROBUX. This scam is more effective than ROBLOX messages alone since people can limit the people who can message to him/her.
- Login info via survey: The scammer leaves comments asking for users to participate in a survey to get a special offer from ROBLOX. This will expose their username to the scammer and therefore lose their account.
- Login info via E-Mail: The scammer leaves comments asking for users to give account information to an email address, listing false reasons that seem convincing to a newbie ROBLOX user. A variant exists in comments.
- Login info via "Exploits": The scammer leaves comments directing users to a link that gives an exploit tool for the ROBLOX client, which will then ask for login info.
- Login info via ingame GUIs: Using customized GUIs, (MGUIS) a player might be tricked into thinking the "login page" is real and enter the login info for their account in exchange for a prize. This may include ROBUX, free BC, etc. After you enter your information, it may ban you from the game and your login credentials will be sent to a private chat via a discord webhook.
- Fake maintenance message: Appearing in places, this type of phishing scam commonly appears in Bait and Switch places. It appears as a maintenance message telling the user that they must log back in. Doing so feeds the perpetrator the victim's account information. Administrators will never send maintenance inside of a ROBLOX game window.
- Malware: The perpetrator directs users to a link that downloads an executable program (.exe) onto the user's computer. When executed, the program injects malicious code into the system to gain information and provide complete control of the user's desktop. This not only compromises a user's ROBLOX account but their entire computer. This can include banking information, several passwords, and document information. Antivirus programs try to quarantine the executable program a user has downloaded, such as Avast, Bitdefender and others. Users should never download files (especially .exe files) which are from unknown sources and not from official sources (Ex. ROBLOX Administrators).
- .ROBLOSECURITY Scam: The perpetrator convinces an user that the ROBLOSECURITY cookie must be given to them. Read this article for more information on the .ROBLOSECURITY cookie.
- AuthTicket Scam: Similar to the .ROBLOSECURITY scam, the perpetrator gains access to a user's AuthTicket, required to join games and authenticate your user. If they were to get this, they could join games under your username with a simple batch command and complete in-game purchases without your knowledge, and many other things. ROBLOX+, a Google Chrome extension, warns you when you input the AuthTicket link. You are able to see this warning or view your AuthTicket here. This was branded into some phishing websites as well, not requiring a password.
- Fake Websites: Fake websites have a login form and a domain name that looks very realistic, but is fake, and claims to give a fake ROBUX/BC reward that needs to be posted on several games. This just steals a user's log-in information and promote the scam.
- Fake Google Chrome Extensions: After ROBLOX disabled comments on games and items, attackers are now creating fake extensions that look like the real thing, but after installed they steal your .ROBLOSECURITY cookie, your AuthTicket, and the extension will post the info to a web server or private chat channel. The way to not fall for this scam is to not install the wrong extension in the Chrome Webstore. Check the ratings and downloaded to ensure it's legitimate and not malware.
- Malicious programs: Recently, along with the new extension scam, executable files advertised as "hacks" or exploits have also been known to log .ROBLOSECURITY cookies. Because the program only takes cookies and directs them towards a webhook, antivirus applications fail to define its intentions as malicious; resulting in accounts being stolen and sold frequently.
- Malware Techniques: Some pieces of malware that target ROBLOX replace your RobloxPlayerLauncher executable with a fake one that logs all user details when you join a game. It is recommended to reinstall ROBLOX or remove/replace the fake launcher with a legit one if you get infected by this type of malware.
- Copying Technique: After the introduction of Team Create, players often hired people to work with them for their game. However, some people hired would immediately copy what was done so far of the game, and re-publish it on their own name, claiming what they have done is allowed. This causes the original game to be thought as the copy.
When directed to a phishing site, extension, etc., ROBLOX+ will usually send a desktop notification saying "1 tab closed for malicious content" or something of that nature, and the tab with the phishing URL will be closed.
- Main article: Teleport Places
Teleport places are a type of scam where victims are teleported to another place to gain place visits and formerly Tickets, supposedly to be cashed out for Robux. This does not harm one's account, but is believed to make it look like the place where players are teleported to is the actual place itself. Some places will also use a custom teleport GUI and a black overlay to make it look like the place is still loading.
- When buying catalog items, users are encouraged to look for [ Content Deleted ] in the item's description. [ Content Deleted ] is an indicator that the item has violated ROBLOX's Terms of Service.
- If no users have bought a VIP shirt, users are advised to avoid purchasing it until more users have done so.
- Avoid links that lead to sites other than ROBLOX, YouTube, Twitter, or Twitch. This includes shortened links (TinyURL, bitly, etc). Follow off-site links with caution and avoid any suspicious sites and links.
- While buying a VIP t-shirt, users should check to see if the creator of the place has allowed the selling of this t-shirt. For example, there are many fraudulent versions of VIP for the game "Catalog Heaven" although the only legitimate versions of the VIP are sold by Seranok (previously by Merely).
- If the item's comments are not disabled, read them to see if any other users say whether the place is not legitimate. Note, though, that the perpetrator may have made alternative accounts (or hacked into others and turned the said accounts into spam bots) to promote said scam, so check for accounts that claim it's a scam.
- To prevent falling victim to portrait scams, check the scammer's inventory for any stolen artwork. In addition, an user can check to see if the total amount of drawings in the seller's inventory is fairly close to the total number of "get drawn" assets sold; any huge discrepancies in the total number of people drawn and assets sold hints towards a portrait scam.
- Some scammers have their names listed on alternative accounts' descriptions stating they are scammers. While this is not always the case, if there are a large amount of these accounts, this is something to be wary of; try avoiding these users.
- If a user follows an off-site link that goes to a login page, do not put any information in it. The page is most likely a phishing scam most scams include codes that look real. But if they have letters with numbers. Just ignore it's fake. ROBLOX gift card codes never contain letters.
- Avoid programs not created by the ROBLOX developers that ask for login information. Similarly, avoid downloading files (particularly .exe programs) that you do not know the source of, and never run any program with admin privileges unless you are 100% sure it's legitimate.
- Comments such as "Builderman told me how to get this reward by doing..." are scams, and no reward is given for posting those types of comments.
- Avoid "free" Builders Club and ROBUX comments; ROBLOX does not promote any free paid services.
- Avoid places that claim to give free ROBUX.
- Don't accept friend requests from users with the words 'ClickMe', 'DontClickMe', 'ReadMyDesc', and 'ReadMyProfile' in their names. If you do, they will send you messages that have links to phishing sites.
- Avoid YouTube videos that ask you to subscribe in order to get free ROBUX. These are always fake, and often are just made to get subscribers.
- Avoid reading messages stating that you appeared in a famous video that the user had "created", this is fake, the "videos" are links to harmful websites that are coded with malware
- If a "noob" (Fresh made account with the basic account clothing) tries to add you a friend request, do not add them unless you absolutely know the person. Check their profile to see how many friends they have. If they have 0, then don't add them. Make sure to check their About. If it says, Ex: "I'm a girl and I love playing Roblox and I'm looking to make friends :)", then its a fake. They are just trying to trick you.
- Do not listen to YouTubers like Robuxian and Kazok, they often post false information about ROBLOX and steal your account with scams.
- When hiring players to create games, make sure they are trustworthy, and have a clean history of working with other players to prevent losing your game.
Things to do
- Protect your account! It's best to set up a password that will not be easily guessed.
- Avoid scam comments! Look out for scam comments if you are viewing some comments on items (E.g. Shirts, pants.). Report comments like that stright away if you spot one.
- Do not visit Robux Generators! Robux Generators are websites run by scammers, if you try any of these websites, they will steal your account.
- (BC Only) Make your group private! Only accept players that don't post scam comments or break ROBLOX's rules, if you see any group requests sent by scammers, decline them.
- Don't let scammers send you messages! In order to keep your ROBLOX Message wall safe, go to your privacy settings, on the "Who can send me messages?" box, select "friends only." and save.
To prevent scammers from scamming
If you wish to prevent a scammer from posting scams, there's some tips:
- Report the scam.
- Tell him/her to stop scamming, if he/she didn't listen/ignore your advice, report him/her.
- If you're a creator of a group, and you saw a scam on your group's group message wall, either exile him/her or delete the comment.
- Email ROBLOX at firstname.lastname@example.org concerning the scam, this assures that ROBLOX acknowledges the scam.