About the Scam Message Scanner
23 detection checks running entirely in your browser. Validated across 351 cases / 7 UK scam categories. Macro precision 98.5%, recall 98.5%, F1 98.5%. No data leaves your device.
Last reviewed: 17 May 2026 · ScamSupport research
What the scanner does
Paste a suspicious email or SMS into any "Scan X email/message" page on this site. The scanner analyses the text against 23 detection patterns and returns one of five verdict tiers:
- Looks safe — no scam patterns detected. Always verify the sender independently.
- Low risk — weak signals only.
- Possible scam — review carefully. At least one moderate signal fired.
- Probable scam — multiple findings. Do not act on this message.
- High-risk scam detected — strong signals. Do not click, do not reply, do not pay.
Each verdict comes with the specific findings that triggered it — so you can see why the scanner flagged the message and verify the signals against your own judgment.
The 23 detection checks
The scanner aggregates signals across:
- Sender-domain analysis — Levenshtein typosquat distance against ~95 known legitimate UK brand domains
- Brand-impersonation detection — brand name in text vs URL hostname mismatch
- Suspicious-link analysis — typosquat domains, suspicious TLDs (.online, .live, .xyz, etc.), URL shorteners, excessive subdomains, IP-address URLs, punycode, brand-name in non-official hostnames
- Urgency + threat markers — "within 24 hours", "final notice", "legal action", "account suspended"
- Sensitive-information request — context-aware password/PIN/sort-code/account-number/seed-phrase/recovery-phrase detection
- Business Email Compromise (BEC) — executive-impersonation + financial-mechanism + urgency three-way AND-gate
- Investment-pitch detection — institutional sender + investment-vocab + low-friction CTA
- Callback-pattern detection — brand + phone + callback ask + urgency/threat, with defensive-context exemption for legit fraud-alert messages
- Job-offer / mentor-pitch detection — earnings claim + upfront fee + informal tone
- Brand-suspended / account-suspended, prize-fraud, advance-fee fraud, heritage / inheritance, family-impersonation ("Hi Mum"), attachment-language, fake regulatory approval (FCA / FOS / etc. claims)
- ML model — logistic-regression aggregator over the heuristic features for borderline-shape detection
- Community DB + NCSC email-auth + threat-intelligence — supplementary async checks (best-effort)
Validation
Each detection class is validated against a hand-crafted test set with labelled positive and negative cases. Tests run the actual production worker.js via a Node CLI harness (production-truth testing — no port, no shim).
Final cross-category results (17 May 2026)
| Category | Cases | Precision | Recall | F1 |
|---|---|---|---|---|
| Banking smishing (UK retail banks) | 55 | 100% | 100% | 100% |
| HMRC phishing | 50 | 96.55% | 100% | 98.25% |
| Parcel smishing (Royal Mail, Evri, DPD, etc.) | 50 | 100% | 100% | 100% |
| Account-suspension (Amazon, PayPal, Apple, etc.) | 50 | 100% | 100% | 100% |
| Gov-agency (DVLA, NHS, DWP, TV Licensing) | 50 | 100% | 100% | 100% |
| Crypto wallet drainer | 48 | 96.43% | 93.10% | 94.74% |
| Advance-fee / job-offer | 48 | 96.43% | 96.43% | 96.43% |
| Macro-averaged | 351 | 98.49% | 98.50% | 98.49% |
Five of seven categories at perfect 100/100/100. The remaining categories sit just below — primarily on edge cases (novel scam patterns not yet covered, or genuinely ambiguous messages that even a human reviewer would struggle with).
Privacy — the scanner runs entirely in your browser
- Your message text is processed inside your browser via a Web Worker
- No message content is sent to SignalTools, our servers, or any third party
- No analytics on the message content (Google Analytics only tracks page visits with Consent Mode v2 default-denied)
- No saved history of scanned messages
- If you reload the page, your scan result and the message are gone
This is by deliberate design. Many "free scam-check" tools harvest the messages you paste into them. The SignalTools scanner does not.
Limits + caveats
- The scanner provides a signal, not a verdict. A "looks safe" result is not a guarantee the message is legitimate.
- Always verify the sender independently before clicking links, sharing details, or making payments. Use the phone number on the back of your card or the published contact details from the brand's official website.
- The scanner is calibrated against UK scam patterns. Non-UK scam shapes may be under-served.
- Adversarial messages crafted specifically to evade the detection patterns can pass through.
- The validation set is composite (no real victim PII). Real-world false-negative rate is unknown.
Open methodology
The full source is at github.com/AkVin-design/akh in signaltools-hub/scamsupport/worker.js. The validation cases are in signaltools-hub/tests/. Anyone can:
- Reproduce the precision / recall numbers
- Add additional test cases
- Critique the detection rules
- Propose patches via corrections@signaltools.org