Skip to main content

Blog Archive

ROBLOX Takes on Phishing Sites

April 16, 2012

by Taylor Whitmer


Phishing has been a problem since the inception of the internet, and in 1995 the term was first coined in a README doc for a popular hacking tool targeting AOL users. Recently, ROBLOX has seen an increase in phishing sites, and we wanted to communicate how we approach these sites. Phishing is a common method of online identity theft, and in our continued effort to make ROBLOX as safe as possible, we will be taking serious measures to ensure the security of our players. ROBLOX will press charges and utilize law enforcement to take down any phishing sites that threaten our site’s security.

What is Phishing?

Phishing attempts to acquire information such as usernames, passwords, or credit card details by masquerading as a trustworthy entity either through email communication or a website. We should also note that phishing is not a ROBLOX-specific issue, but rather it affects major websites on the internet, including sites such as eBay, Amazon, and others. Communications pretending to be from popular social websites, auction sites, online payment processors or IT administrators lure unsuspecting users into providing valuable personal information. Because of this, ROBLOX continually upgrades our security systems, and we police the site to guard against these intrusions. However, everyone should always be aware of providing sensitive information unless you can verify the source.

Does Phishing Violate Federal Criminal Laws?

Because phishing sites utilize false and fraudulent statements to deceive people into disclosing valuable personal data, phishing schemes may violate a variety of federal criminal statutes. In many phishing schemes, the participants may be committing identity theft (18 U.S.C. § 1028(a)(7)), wire fraud (18 U.S.C. § 1343), credit-card (or “access-device”) fraud (18 U.S.C. § 1029), bank fraud (18 U.S.C. § 1344), computer fraud (18 U.S.C. § 1030(a)(4)), and the newly enacted criminal offenses in the CAN-SPAM Act (18 U.S.C. § 1037). Phishing may also breach various state statutes on fraud and identity theft.

ROBLOX’s Response to Phishing Schemes

Since security and a great user experience are essential at ROBLOX, we work directly with criminal agencies to pursue and enforce a safe environment. The FBI has a mechanism to report potential phishing schemes, and ROBLOX utilizes this as part of our response. Our players may never hear about these enforcement actions, but be assured that ROBLOX management takes these threats seriously and takes action.

To help our users become more aware of what phishing sites look like, here is an example:

Compare the URL in this screenshot to that of, and you can easily see that something is incorrect here.  The bottom line is: any time you enter personal data into a page on the internet, double check the identity of the site you are using.