Google (and I think others) solves this problem with authorizations by disabling the “Confirm” button until after a few seconds pass (and I think only after mousing out of the box if your cursor started in).
It only slows down the confirmation by a second, but forces you to reflect on the transaction before confirming it.
EDIT: esp. for mobile, repeated taps/clicks on confirm should also delay confirm button actually working
I want to give whoever made this a hug because that’s one helluva scam.
I think making the confirm button inactive for a few seconds is a really good idea.
Also, not sure if this would be any help, but maybe switch the button locations from time to time on transactions and have the confirm button bright colored where it attracts the eye to avoid accidentally canceling it ( though canceling on accident is a lot better than confirming on accident )
Ex: Transaction 1 would have the confirm on the right, while another transaction has it on the left.
I’ve noticed when a website asks for google account permissions, the “Allow” button or whatever is greyed out for a few seconds so that I actually read what I’m giving these websites access to.
Purchase should be the same.
Here’s my possible solution.
When the gui appears, “Buy Now” button could be disabled for 2 seconds.
After 2 seconds it would get enabled.
I mean come on, it’s simple.
Also the animation is not avoidable, you can notice it easily. It can’t be covered or “boosted” up.
Cooldown can’t be avoided with normal scripts.
Most buys are impulse buys, and email confirmation would piss a lot of people off (inlcuding kids whose parents email is atrached to the account). I think the best solution is making the confirm purchase gui to move down slower and the buy button to not be visible for a second after
fixing this is as simple as making purchases a 2-click process and not letting the button be in the same place for each click
edit: the delay on the button is a lot better of an idea
It would be better to track mouse click locations and the time they occurred at. ROBLOX could then determine if a user is being mislead into making a purchase and inform the user with an error informing them if they want to make the purchase they should try again.
All we need is a 1 or 2 second delay before the Buy Now button is enabled - no need to overcomplicate things. That’s enough time for anyone to react and stop spam clicking on that location, and also gives the player time to double-check the price of the product. Anything more than that would just make it a hassle to buy things and result in fewer legitimate sales.
creates copy of CoreGui and scams passwords
Agreed. [quote=“Cindering, post:29, topic:32044”]
1 or 2 second delay
[/quote]
Yeah.
One of my friends has fallen for one of these scams and ROBLOX Support have so far refused to refund him…
Never thought I’d see a form of tapjacking on ROBLOX. Clever.
“Oh they have to enter their password, let me just record the UserInputService stream”
A better solution would be a captcha like I suggested dozens of times before.
Or just a confirmation GUI that has the confirm button at a different position than the buy button (prevents users from accidentally also clicking confirm)
In what world is verifying that the user is not a robot a solution to this
Makes the user have to type in the captcha before the purchase goes through so that clicking the button doesn’t purchase the item. I said captcha, not recaptcha so it wouldn’t just be a single click and would be better for preventing a forced purchase than leaving it how it is.
Another fun trick 
. (this should be fixed by prioritizing the CoreGui, though)
on xbax tho?
