How not to get scammed by .har files

So basically there is a scam going around of people asking for .har files for a GFX Project.
And I will be explaining how the scam works, and what they are trying to gain from you.

So first off, how the scam beings…

The scam will begin with a random person (Either an alt or an stolen accout) sending you a message on roblox telling you they will make a GFX using your avatar. (DO NOT GIVE YOUR .HAR FOR THIS)

After you add them in dizzy, they will send you a video how to get a .har file and request you to send it for a random ammount of robux.
When they get your .har file they will be able to access your roblox cookies and then lock you out of your account, use it for more scams, sell and buy limiteds and take the account fully.

What is a .har:
A .har is a JSON formatted archive file format for logging web browsers interaction with a site. (Being able to see your roblox cookie.)

How to stay safe from this.

To stay safe is really easy, all you gotta do is ignore those messages, block them and possibly report them for scamming.

Stay safe out there!

41 Likes

Thank you for sharing this valuable info with the DevForum community!

3 Likes

I just report every message like this that I get where they ask me to add them on Dizzy.

Best thing we can do in these cases is report the message for Phishing / account theft.

3 Likes

A really, really simple way to aviod this is to turn messages on to followers only. Most scammers mass send this message, most won’t take the time to follow you.

9 Likes

I think if anyone is worried about getting ‘beamed’ just be smart.

  • Don’t click on links (especially on Discord, if someone sends you a link to a Roblox game, just look up the game’s title)
  • Any files (everything you need to share can be shared via the Roblox website, like models/decals/scripts)
  • Don’t share any information that’s sensitive (Social engineering is real, stop sharing birthdays/gmails/etc like it’s candy on Halloween)

Since this is getting attention again, it should also be noted to utilize every security feature Roblox has to offer. This means account pins, verify your email, verify your phone, use an authenticator app, etc.

Also I suggest using a password manager. If you use it, you can make an extremely long Roblox password that’s impossible to guess or remember. I once had a password of 1k characters which means it’s impossible to bruteforce.

7 Likes

I recently got a message about someone who attempted to scam me via saying “I was just wondering if I could include your character in the thumbnail artwork of a game that my team is developing.” and offering large amount of Robux. Have you guys ever got something like that?

2 Likes

Can you show us the entire message? That way I can check and see if it says anything suspicious or not?

1 Like

I’ve also checked the video link above. I think I consider it as a scam because they disabled likes count and comments section.

1 Like

You can do a few things to check if that person is a scammer:

  • See if they’re Age Verified on the Talent Hub.
  • Ask them why they want your character in a thumbnail.
  • Make a thumbnail, but before you show them it, make to sure to put a watermark so they don’t scam you. Only give them the actual thumbnail without the watermark AFTER they pay out.
1 Like

I’ve actually reported and blocked him…

Rip. Oh well. Next time it happens, keep what I said in mind I guess.

1 Like

Exactly, I’m going to do what you’ve said.

1 Like

I got the exact same message. Twice. By 2 different people with both the exact same message.

3 Likes

Follow what I said earlier in this post.

It could help.

1 Like

I already know those people are scamming so there’s no point in trying to check if they’re legit, I’ve heard hundreds of other people get this exact same message while the scammer is on different accounts each time (most likely ones they stole). Plus they want a 3d model of your character, which if they actually wanted to do that they wouldn’t even need me to do that.

2 Likes

That is the thing I was mentioning here, block and report.

1 Like

Asking for a .har file (Cookie logging file) is no way to get an avatar.

1 Like

Checked the video, its the scam.
If you saw in the tutorial, he’s getting it trough your console.
(Anything considering your console is untrustworthy)

1 Like

I know, that is what I was saying to IssizArda and ValiantWind, the video is the scam.

1 Like

We’ve got another one

And his group. Do not expect him to pay 8K Robux for that. Checking their group’s funds are also a good method to be sure if they’re scamming or not.