Show HN: I made a scam detector and build a public database for it

[ngalongc]

We think this is helpful because scams are getting more out of hand than ever, so we wanted to build a tool that can help people to identify scams instantly and ALSO creates a large dataset to "train" everyone's brain on scam detection patterns. After browsing 10-20 scams, anyone can quickly learn what indicators to look for in subtle (or not so subtle) scams.

1. Upload screenshot of anything you think is suspicious 2. GPT-vision goes to work, extract text and analyze the screentho and give you an instant result 3. Each upload adds to a growing public database, letting everyone to see and learn from real-world scam patterns.

Try it out, contribute a recent scam that you've received lately, and hopefully this could help more people.

[not_your_vase]

You know how would this be extremely useful? If it was built into the browsers (like the deceptive website warning) and into chat apps - and it would warn real time, as the scam happens. I guess there are some value in this form too, but it's more like after-the-fact analysis for the majority of the users (you either know right away that it's a scam, or you start thinking later "oh... was I just scammed? let me try investigating".

Of course I realize the privacy questions this raises... but still.

[ngalongc]

That's indeed a good idea, we definitely share the same thought process as you, because we built AntiPhish.AI exactly in the way you described it. It is a Chrome extension specifically for gmail inbox security, it gives red flags when it see any scam attempts.

About the privacy concerns, we gave a lot of thought about it as well, for now we just pass everything to openai and leave nothing in our system, but in the future we think the best way to handle privacy is open source AntiPhish.AI so that everyone can self-host their own anti-phishing solution.

[bradknowles]

If I wanted to phish for personal information that I could use for other attacks, I would set up a public service where people could send all their apparent scams and then go looking for all the personal data that is leaking through.

I could even make it seem legit by using the collected data to block any of my competitors, and only “accidentally” allowing through the attacks that I make or that are made by my real customers.

[ngalongc]

Thank you for leaving a comment, appreciate it! I'm trying to understand what you're saying.

It seems like you are suggesting our database (public service) could be used for our own benefits? By "our own benefits", you are suggesting https://antiphish.ai can take advantage from the screenshots users uploaded, because now we know what scams are running hot in the market, and then we can cross check what works and what does not work.

And because this is a Chrome extension, we can now use the insight we've collected to block other scam attacks and only deliver the scam attacks that AntiPhish.AI makes or AntiPhish.AI's customers make. By customers, you mean other scammers that has a professional relationship with AntiPhish.AI, with the purpose of delivering effective scams using AntiPhish.AI's insight.

I really like your way of thinking, I'm pretty sure you won't fall for scams easily, because you surely do have a sharp mind and good at connecting the dots.

The truth about AntiPhish.AI is, we've been working in the security industry for many years, and always wondered how it feels like to have a company of our own. Especially tech company, and because helping others to spot scams seems like a valuable and profitable business, that's why we chose to pursue this path.

While we can write good softwares, but we're not so good at marketing. This is why we created this tool, this post, after learning the fact that one of the things we can do for marketing a business is creating free tools.

That's how this idea comes alive, no crazy 3d chess agendas, just plain, SEO marketing effort, with a hope to provide some values for people that could fall victims to scams.

I hope this clears up the intention of why we created this tool. Cheers and have a great day!

[bradknowles]

For me, the most important thing is to think about what data you’re sharing with third parties, and how that data might be abused.

Or maybe that third party doesn’t abuse it themselves, but they’re vulnerable to someone else stealing it, and landing you back into HaveIBeenPwned yet once again (I think I’m up to 17 times on HIBP so far).

I think about this any time I use a service like DeleteMe, or Optery, or 1Password, or any other third party service where I might be sharing potentially sensitive information. And I very carefully select the third party services that I use which might have sensitive data shared with them.

Then I like to try to ensure that I minimize what data that I share with these third parties, especially data that is shared automatically — like a log of every single URL that I visit.

I’m a lot more willing to use tools that work 100% locally and don’t share any data with any remote service, even if those tools do not provide all the same levels of service that can be provided by the remote service. For example, I would never voluntarily enable something like Microsoft Recall, but I might be willing to use a local-only program that recorded periodic snapshots of every URL that I visit and make that information locally searchable, so that I can roll the clock back and see what I may have been doing at some time in the past.

The problem here is not that the data is collected, or that it is collected locally, but how that data might be able to be abused by others once it is shared with a third party.

[ngalongc]

Your comment's giving AI vibes too.