In December 2021, the YouTube channel People Make Games shared new allegations claiming that the game and game-creation platform Roblox is unsafe for kids—its primary audience. For anyone not tuned into the Roblox scene, it was eye-opening: Literal children being swindled out of sometimes large amounts of money and work, a situation that Roblox appeared either unwilling or unable to address.
A new Vice report digs deeper into how it all happens: How "beamers," as they're called in the Roblox community, are able to hack into Roblox accounts, strip them of valuable items, and then sell them on black markets. Phishing is a big problem, obviously, as beamers use generators to automatically create legitimate-looking pages targeting specific users or items, commonly shared with Roblox users via Discord. But there are more sophisticated schemes in play too.
One common ploy is to offer to create a new avatar for the intended target or claim they're looking for paid help to develop a game, the goal being to gain access to the victim's .HAR file, and more importantly the login token it contains. A Google Chrome extension enables those tokens to be manipulated in order to gain access to targeted accounts; .HAR files contain a warning that explicitly states the risk of sharing them, but it often goes overlooked or ignored.
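A defensive counterpart to the .HAR risk described above, as an added example that is not from the original article: a Python sketch that blanks credential-bearing headers and cookie values in a HAR capture before it is shared. The `redact_har` name, the header list and the sample capture are assumptions constructed for illustration.

```python
import copy
import json

# Headers whose values carry session credentials in a HAR capture (assumed list).
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "x-csrf-token"}
REDACTED = "[REDACTED]"


def redact_har(har):
    """Return (sanitized copy of har, list of redacted field locations)."""
    clean = copy.deepcopy(har)  # never modify the caller's capture in place
    findings = []
    for i, entry in enumerate(clean.get("log", {}).get("entries", [])):
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for header in msg.get("headers", []):
                if header.get("name", "").lower() in SENSITIVE_HEADERS:
                    header["value"] = REDACTED
                    findings.append(f"entry {i} {side} header {header['name']}")
            # HAR stores parsed cookies separately from the raw headers.
            for cookie in msg.get("cookies", []):
                cookie["value"] = REDACTED
                findings.append(f"entry {i} {side} cookie {cookie.get('name')}")
    return clean, findings


# Constructed sample HAR (not a real capture): one authenticated request.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "GET",
        "url": "https://example.invalid/profile",
        "headers": [
            {"name": "Cookie", "value": "session_token=constructed-secret"},
            {"name": "Accept", "value": "text/html"},
        ],
        "cookies": [{"name": "session_token", "value": "constructed-secret"}],
    },
    "response": {
        "status": 200,
        "headers": [{"name": "Set-Cookie", "value": "session_token=constructed-secret"}],
        "cookies": [],
    },
}]}}

if __name__ == "__main__":
    sanitized, found = redact_har(SAMPLE_HAR)
    print("\n".join(found))
    print(json.dumps(sanitized, indent=2))
```

Tokens can also appear in query strings, request bodies and response content, so this covers the header and cookie fields only.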
Beamers have also been able to gain control of targeted accounts by using fake PayPal screenshots to convince Roblox support that they're the proper owners, similar to the takeovers of "high-profile" FIFA accounts by hackers in January. One player told Vice he believes his account was compromised via "SIM swapping," in which the victim's mobile carrier is tricked into sending texts and calls to a SIM card