Roblox gamers are once again being warned to be on their guard against scammers plundering valuable digital items.

Most multiplayer titles are all about customization. You won’t find many popular games where digital items aren’t up for grabs. Some games lock the items, such as outfits, weapons, or valuables, to your account and/or characters. Other games allow players to trade them. Those trades can be straightforward item swaps, or paid for with in-game fictional currency. They might end up on marketplaces where they’re bought and sold with real world cash. It all depends. This isn’t new, but it is awful.

What’s happening with Roblox?

Roblox allows you to make your own games, or just take part in challenges created by others. It’s constantly changing, and there’s always something new to do. As a result, it’s hugely popular with young kids and teens. Their accounts and digital items are highly coveted by scammers and account compromisers. In Roblox land, these people are known as “Beamers”.

Beamers use a variety of tricks to compromise accounts, and then head off to various shady marketplaces. There, they try to sell or trade for US dollars or cryptocurrency. This is pretty commonplace for a large number of online titles, but ripping off kids is always going to leave a bad taste in the mouth.

How do scammers rip off Roblox players?

It’s a mixture of old and new techniques. Below, we’ve listed some from the Beamer article and a few which we’ve looked at ourselves. Forewarned is forearmed, and all that.

  • Phishing: Beamers use creation kits to whip up bogus sites for their imitation domains. As the article mentions, it often begins with a message sent to another player. While we don’t know the content of those messages, a popular trick is to pretend they’re a game admin or mod. The Beamer might claim the victim is in trouble, or has failed a safety check. Or they might claim to be offering a cool free item.
  • SIM swap: Another timeless classic. This is where attackers trick mobile networks into redirecting texts to their own device. By doing so, they can bypass SMS based two-factor authentication because the codes end up being sent to them, as opposed to the victim.
  • Generators: Never discount the allure of free in-game currency. Generators aren’t mentioned in the article, but they are a mainstay of scam tactics. Offer a bogus tool, claim to create as much currency as the victim requires, and have them run it. The executable may contain malware, or it may direct the user to a phish or survey scam.
  • Ransomware: Another one for the “I didn’t expect that” pile. In this particular instance, we’re talking bogus versions of real tools designed to automate certain functions.

Scammer hideouts and information gathering tools

It appears a lot of the Beamer activity takes place inside services such as Discord. This makes sense; it’s a fast, easy way to keep trades flowing with minimal set-up fuss for the creator to worry about. Tying Discord channels to phishing pages so the owner knows when someone has entered details is part of the trick.

Additionally, gaming data often feeds into third-party sites. This can be useful. If you play an MMORPG and need to buy low/sell high? There’s usually a site for that, and it’s possible you’ll be able to see the item owner’s character details, or the server they play on. Great for trades, but bad for painting a large target on your back. Years ago, scammers would filter Xbox360 gamers by prestigious achievements and high gamer scores and mark targets that way. Now it’s a lot more item/commodity centric, but despite this the account is still at risk of being hijacked and sold on.

Time to lock down your Roblox accounts

A good reminder, then, to keep yourself up to date with the security measures recommended on the Roblox security page. You can bet people are coming up with new and creative ways to relieve you of your account at any given moment. It’s up to you to ensure you’re always one step ahead of the item-stealing crowd.