Sunday, March 15, 2020

How this began

Most people are aware of phishing campaigns that try to get information such as credentials (usernames & passwords), bank account details and other information that can be resold or utilized for other means. While most people are used to seeing this kind of attack through email campaigns or fake web ads, most people wouldn’t think that they would target children.
Enter Roblox
For those of you who aren’t familiar with Roblox, Roblox is a massively multiplayer online and game creation system platform that allows users to design their own games and play a wide variety of different types of games created by other users (per Wikipedia).
There are some parental control features for Roblox, but the concern is phishing. Recently my daughter stumbled on a user who has created several ‘games’ inside Roblox. This takes little effort and has no relative cost. However, just like most scams, they are targeting popular game names to lure kids into playing their ‘games’.
Once you click on one of the games, the application will load (assuming you have Roblox installed on your device). Once loaded, each game takes you through a similar scenario:

The game wants kids to ‘claim’ 5000 Robux, which translates to roughly $55.00 USD. This is an in-game currency that kids use to gain access to special items or exclusive locations. Please note the only option a user has is to enter the password; none of the other ‘links’ properly work.
I would advise any parent, especially those with kids that play Roblox, to take the time to educate them on this issue. Even though it is just a game, the scammers can leverage the username and password to gain access to the account, find what email address is associated with the account and try the same password there. They can also look and see if you have a credit card linked to the account and make purchases that they can funnel through their ‘games’.
Please stay safe and vigilant.