So basically there is a scam going around of people asking for .har files for a GFX Project.
And I will be explaining how the scam works, and what they are trying to gain from you.
So first off, how the scam beings…
The scam will begin with a random person (Either an alt or an stolen accout) sending you a message on roblox telling you they will make a GFX using your avatar. (DO NOT GIVE YOUR .HAR FOR THIS)
After you add them in dizzy, they will send you a video how to get a .har file and request you to send it for a random ammount of robux.
When they get your .har file they will be able to access your roblox cookies and then lock you out of your account, use it for more scams, sell and buy limiteds and take the account fully.
What is a .har:
A .har is a JSON formatted archive file format for logging web browsers interaction with a site. (Being able to see your roblox cookie.)
How to stay safe from this.
To stay safe is really easy, all you gotta do is ignore those messages, block them and possibly report them for scamming.
A really, really simple way to aviod this is to turn messages on to followers only. Most scammers mass send this message, most won’t take the time to follow you.
I think if anyone is worried about getting ‘beamed’ just be smart.
Don’t click on links (especially on Discord, if someone sends you a link to a Roblox game, just look up the game’s title)
Any files (everything you need to share can be shared via the Roblox website, like models/decals/scripts)
Don’t share any information that’s sensitive (Social engineering is real, stop sharing birthdays/gmails/etc like it’s candy on Halloween)
Since this is getting attention again, it should also be noted to utilize every security feature Roblox has to offer. This means account pins, verify your email, verify your phone, use an authenticator app, etc.
Also I suggest using a password manager. If you use it, you can make an extremely long Roblox password that’s impossible to guess or remember. I once had a password of 1k characters which means it’s impossible to bruteforce.
I recently got a message about someone who attempted to scam me via saying “I was just wondering if I could include your character in the thumbnail artwork of a game that my team is developing.” and offering large amount of Robux. Have you guys ever got something like that?
You can do a few things to check if that person is a scammer:
See if they’re Age Verified on the Talent Hub.
Ask them why they want your character in a thumbnail.
Make a thumbnail, but before you show them it, make to sure to put a watermark so they don’t scam you. Only give them the actual thumbnail without the watermark AFTER they pay out.
I already know those people are scamming so there’s no point in trying to check if they’re legit, I’ve heard hundreds of other people get this exact same message while the scammer is on different accounts each time (most likely ones they stole). Plus they want a 3d model of your character, which if they actually wanted to do that they wouldn’t even need me to do that.