How to prevent Roblox scams and hacks

Hey there, @David here. I’m here today to show you how to protect yourself from Roblox scams / hacks.

We will cover three sections:

  1. Trading scams
  2. SIM swapping (not really Roblox related, but can happen to Roblox accounts)
  3. Cookie logger

Remember, anyone in Roblox can be a scammer; don’t trust anyone if they promise free Robux, Premium or anything else.


1. Trading scams

Trading scams are common with people with Limiteds, some examples include (taken from the Rolimons Discord Server):


How to protect yourself:

  • Always make sure the trade only happens in the Roblox trade section, nowhere else.
  • Use Roblox messaging (if possible), if the scammer scams you, you can report it and the user will be banned due to the evidence; this also decreases the chance of the Trade API scam occurring.

2. SIM Swap

The scammer will find your phone number or network provider and pretend to be you so another SIM can be sent to their address. They will be able to connect your number and are able to reset your password if your phone number is linked to your Roblox account!

How to protect yourself:
This can happen even if the scammer doesn’t know your phone number, but knows your full name.

  • Make sure you don’t publish your full name online, use a nickname or your first name (like me, @David)
  • In the unfortunate event your SIM gets swapped, contact your provider and tell them to lock the number down; some network providers can change the number for you

3. Cookie logger

This is far more complicated, as some percentage of Roblox players do not know what cookies are.
What are cookies?

Cookies are basically small text files stored in your browser. Cookies can remember your log in details, use plugins and more!

Roblox uses cookies to

  • Make games work
  • Store your Roblox log in information (encrypted)
  • Provide information of certain aspects of the site, like the avatar editor, the cookie could say this person is wearing a shirt with ID 123456

Cookies are normal on every website you come across (Google, GitHub, even this forum!). Most are just used to provide the page, and pose no harm.

The hacker will send a YouTube video on Discord or another platform for a GFX or pose as Roblox staff. They will ask you to copy your .ROBLOSECURITY cookie, which is the cookie to get into your account. This bypasses 2FA and other security. The cookie even has a message saying “DO NOT COPY THIS”.

How to protect yourself:

  • Always check the profile of the ‘suspicious’ Roblox staff member, check if their account has an Administrator tag, looks like this:

image

If the badge does not show, or the staff member asks you to forward your messages or email a generic email service (that doesn’t have @Roblox.com at the end), report and block the user.

Generic email services include:
@gmail.com
@hotmail.com or @outlook.com
@yahoo.com
@aol.com
@icloud.com


To protect your account, read @Deleted_User12’s post on 2FA (2-Factor Authentication) here

I hope this post has helped you protect against these scams and hacks. If there is a mistake, please use the Reply button so I can fix it!

3 Likes

In the roblox support emails, it does not say their username it just says their name?

Fake Roblox staff will message you, they will try to hack you. If there’s something wrong about your account, contact the official Roblox support here

Yes, Roblox staff will use their names in support emails but not anywhere else

So in their actual support messages they won’t have their username in it?

1 Like

Roblox Staff shouldn’t sign off a formal email to a Roblox user as when we go to support, we have to enter our Roblox Username and our Actual name for them to formal to us. I wouldn’t put down my roblox username as my real name, I’d put my real name so it’s more of a professional and formal email for both users.

1 Like

In every end support email they say

"Sincerely,

Name
Customer Support
Roblox Support"

1 Like

It’s more preferable to sign off professionally. If I’m announcing a development update, I’ll sign off as Oreo or ScriptedOreo. Whereas if I’m signing off on a moderator announcement, I’ll use my actual name and not my Roblox name.

2 Likes

I don’t think you understand what we’re saying. On the post, I’m talking about fake (not real) Roblox support, they will chat to you on Discord (remember, they will only chat with you on Roblox support) and ask you to forward all emails, so they can reset your password and get your account!

1 Like

I think it’s bad, Roblox must have a way to stop people forwarding emails. I was close to losing my account back in early 2021 due to some TikTok video. I still have the Roblox account to this day due to me learning over the amount of times I’ve been compromised. Hence my post on account security, people can learn from this post and my one on how to keep their account safe.

1 Like

Roblox can’t really do anything about it, since the hacker will tell the user to go off-site to their email platform; see below picture (from Rolimons Discord Server)

2 Likes

The best way to check if an email is legit is via the domain in the email.

A legit Roblox email will always have “@roblox.com” at the end. Always be really careful to make sure there aren’t any hidden or easy-to-miss characters.

In addition to that the domain may have a subdomain.

E.g:

account.support@roblox.com

2 Likes

Yeah, the ROBLOX support emails I get are from “support-en@roblox.com”, so if you get any emails from a different email, for example “support-en@gmail.com”, do not reply. Block it and report it to the end of the email address’s provider.

I don’t believe you can report false or phishing Gmail accounts to Roblox, you might have to report that to Google.

2 Likes
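The sender check described in the last two replies, as an added example that is not part of any post in this thread: it accepts only addresses at roblox.com or a subdomain of it and rejects hidden or look-alike characters. The function name `check_sender` and every sample address other than support-en@roblox.com and support-en@gmail.com are constructed for illustration. It inspects the address text only; a From line can be forged, so a pass here does not prove who sent the message.

```python
import unicodedata
from email.utils import parseaddr

TRUSTED_DOMAIN = "roblox.com"  # the domain named in the thread


def check_sender(from_header):
    """Return (ok, reason) for the value of an email's From line."""
    _display, addr = parseaddr(from_header)  # the display name is ignored on purpose
    if "@" not in addr:
        return False, "no address found"

    # Hidden or easy-to-miss characters: anything outside ASCII (look-alike
    # letters from other alphabets) or invisible format/control characters.
    for ch in addr:
        if ord(ch) > 127 or unicodedata.category(ch) in ("Cf", "Cc"):
            return False, f"hidden or look-alike character U+{ord(ch):04X}"

    domain = addr.rpartition("@")[2].lower().rstrip(".")
    # Compare the END of the domain, never a substring of it.
    if domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN):
        return True, "sent from roblox.com or a subdomain of it"
    if "roblox" in domain:
        return False, "mentions roblox but is really sent from " + domain
    return False, "sent from " + domain


# Constructed sample From lines (only the first and third appear in the thread).
SAMPLES = [
    "support-en@roblox.com",
    "Roblox <account.support@mail.roblox.com>",
    "Roblox Support <support-en@gmail.com>",
    "support-en@roblox.com.example.net",
    "support-en@notroblox.com",
    "support-en@r\u043eblox.com",    # Cyrillic "o" in place of Latin "o"
    "support-en@rob\u200blox.com",   # zero-width space inside the domain
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_sender(sample)
        print("OK  " if ok else "FAKE", ascii(sample), "->", reason)
```
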