How to deal with blackmail

If this is the incorrect category to post about this, apologies. I don’t know where else to get official support from Roblox players.

So, I was recently spam messaged with blackmail threats; screenshots are here.


The link they gave me looks malicious, so I opened it on TOR browser, which gave me a pop-up saying it’s a cross-script attack.




It goes on and on.
If this was actually genuine, I don’t recall scamming anyone, or interacting with anyone regarding anything related to robux.
Looking in on these accounts, they seem to be unfortunate players who got their account compromised, as some of them had robux on their account, and some even joined as early as 2015.

If anyone could provide me details as to what is going on, and how to deal with it, it’d be great.

4 Likes

It is simply a phishing link to get your account. You can change your “Who can message me” setting to stop them. I recommend watching the video KonekoKitten made over them.

They’re all bots, it’s nothing to worry about.


Maybe you should turn on the setting where the person has to follow you to message you, free followers!

6 Likes

Sergeant_Roach made a post about this and you can view it here.

Heck yeah! Thanks for the idea, I set my account to followers only message.

1 Like

lol

  1. These are clearly bots
  2. This isn’t blackmail. Do you know what blackmail is?
  3. Tenor is a popular and safe gif thingy service
  4. That pop-up does not mean it’s a cross-site script attack
1 Like

Simply set your messages to follow only; these bots have nothing better to do. Hope that helps :grin: But be warned: do NOT (and this applies to everyone) open any link that these bots give you.

Judging from your screenshots, the Roblox API@arkoselabs had an XSS vulnerability where a third party was able to execute code in the context of roblox.com, stealing your account token.
It is also quite interesting that Arkose Labs reopened their bug bounty program 15 hours ago, specifically for their web APIs, not even two weeks after they closed it.


I assume they already patched it but no guarantee. I recommend using NoScript for your everyday browsing regardless.

1 Like

If you really were to get blackmailed, the best course of action is to contact the authorities or seek help. But you first have to make sure you are being blackmailed.

That’s not the real Tenor, since it has a different TLD. It’s a phishing link that abuses a vulnerability with one of the third-party services Roblox relies on to grab your cookies. It’s likely been patched by now.

4 Likes