The Scam Message Scanner uses a multi-layered analysis approach to identify scams, phishing attempts, and fraudulent messages. All analysis happens locally in your browser—no data is sent to any server.
The Scam Message Scanner combines all detection layers into a 0-100 risk score:
| Risk Level | Score | Meaning |
|---|---|---|
| Safe | 0-14 | Appears legitimate |
| Low | 15-29 | Minor suspicious elements |
| Medium | 30-49 | Multiple warning signs |
| High | 50-74 | Strong scam indicators |
| Critical | 75-100 | Very likely a scam |
The eight detection layers above are features — the raw signals extracted from a message. They are not the verdict on their own. The Scam Message Scanner feeds those features, plus seven more (sender-domain reputation, attachment hints, link-to-text ratio, suspicious-TLD count, capitalisation anomalies, financial-amount mentions, and brand-mismatch flags), into a small two-layer neural network trained on roughly 5,200 labelled examples of known scams and known-legitimate messages.
The network was trained for 100 epochs using the Adam optimiser, with a held-out test set producing 94% accuracy, 92% precision, 96% recall, and a ROC-AUC of 0.98. In plain language: when the model says a message is a scam, it is right roughly 92% of the time, and when a message really is a scam the model catches it 96% of the time. We deliberately tuned for high recall so that obvious campaigns are not missed, even at the cost of occasional false positives on borderline-legitimate marketing emails.
The model runs entirely in your browser — about 18 KB of weights are loaded once and cached. Inference takes 2–3 milliseconds per message on a modern phone or laptop. Nothing is uploaded; if you want to confirm this, open your browser's network tab while you run a check and you'll see no requests fired during analysis.
The 0–100 risk band exists because real-world messages sit on a spectrum. A genuinely transactional email from your bank usually scores 0–10. A delivery notification from a courier you do use might score 15–25 because it contains a tracking link. A "your account has been suspended" email impersonating a major brand will typically score 60–90, depending on how well-crafted it is. The score is meant to be informative — a 35 isn't a scam alarm, it's a flag that two or three suspicious patterns combined and you should look more carefully before clicking anything.
If you ever see a score that surprises you — a high score on a message you're confident is real, or a low score on something that turned out to be a scam — please report it through the report page. Those misclassifications are the single most useful training data we get.
The Scam Message Scanner is designed with privacy as a core principle. All analysis happens locally in your browser — no messages are sent to any server, no account is needed, and no data is collected or stored.
While the Scam Message Scanner is effective, no detection system is 100% accurate. Sophisticated scams may evade detection, and legitimate messages can occasionally trigger warnings. Always use your own judgement and, if unsure, contact the organisation directly through verified channels.