Inspiration
A newcomer who arrived in Canada three months ago gets a WhatsApp message from someone claiming to be a recruiter. "$75/hr, work from home, no experience needed, send $300 in gift cards for your home-office setup, and we'll reimburse you on your first paycheck." It sounds plausible. It mirrors the format of the real job offers they've been getting. They don't yet know the signals that mark it as fake — and they're reading it in their second language.
This happens thousands of times a day, and it's getting worse. The FTC reported $521 M lost to remote job scams in 2026 — roughly tripling in four years. McAfee tracked a ~1,000% spike in job scam volume in May–July 2026 alone. The World Economic Forum flagged AI-powered remote-work scams as a growing threat in late 2025. And newcomers absorb the worst of it: 2.2× more likely to be defrauded than other Canadians (38% vs 17%, Scotiabank 2024 Fraud Poll). 70% feel more susceptible to fraud; only 22% would know how to respond.
Remote work is one of the most powerful pathways to economic inclusion for newcomers — and that's exactly why the scams targeting it do so much damage.
The tools that exist — Norton Genie, McAfee Scam Detector, Bitdefender Scamio — are English-only. They score or block. They don't explain what's wrong, they don't teach, and they have no concept of what a Canadian remote job offer actually looks like. They definitely don't help you identify legitimate opportunities.
We built Landed because the question isn't just "is this a scam?" It's "Is this real?" And we built it to answer both — for everyone, in any language.
## What It Does
Landed has two pillars: a verifier that tells you whether one opportunity is real, and a Community Wall that turns everyone's verdicts into shared protection.
### Pillar 1 — The verifier
Paste any remote job posting, recruiter message, or job offer. Landed returns:
- A verdict:
legitimate,questionable, orlikely_scam. - A legitimacy score: 0–100, where 100 means clearly legitimate and high-quality
- Green flags: signs the role is real and high-quality, each quoting the exact phrase from your message and explaining why it's a positive signal — highlighted inline
- Red flags: scam or low-quality signals, each with the exact quote and explanation — also highlighted
- Verification checklist: concrete steps to confirm this specific opportunity before you apply
- Where to find verified roles: Government of Canada Job Bank (jobbank.gc.ca), official company career pages, reputable boards
- A teach moment: one thing to carry forward so you need us less next time
- Report link: for scam results, a direct link to the Canadian Anti-Fraud Centre
- Career CTA: for those who want to turn this into a career, a link to Cyber Nations' CyberNauts cybersecurity program
By default, the entire response comes back in the same language as the pasted message — paste in Spanish, French, Tagalog, or Arabic, and the analysis is automatically in that language. You can also choose your own output language from a selector (English, Français, Punjabi, Tagalog, Mandarin, Hindi, Arabic, Spanish), so you can read the verdict in the language you think in, even when the posting is in another language.
Privacy by design. By default, pasted messages are never stored or logged. The Worker calls the AI model, returns the result, and discards the input.
### Pillar 2 — The Community Wall: newcomers protecting newcomers
This is our most original feature. A scam that fools one newcomer is almost always sent to hundreds more. So after any verdict, the user can tap "📢 Share anonymously to warn others."
That posts an anonymized, PII-redacted one-line snippet to a public live feed. Each card shows the verdict, category, legitimacy score, the redacted snippet, the language, time-ago, and an "I got this too 👀" reaction counter — instant social proof and a real network effect. A live ticker shows aggregate stats, and a "Scam Pulse" bar surfaces the trending threats this week.
Privacy is built into the architecture, not bolted on: sharing is strictly opt-in, contact identifiers (phone numbers, emails, @handles, links) are stripped server-side before anything is saved, and aggregate counters store numbers only, never message content.
One person's catch becomes a warning for the whole community — a social safety network for remote-job legitimacy, built by the people most at risk.
## How We Built It
The core is a single Cloudflare Worker in TypeScript — routing, input validation, the AI call, and static asset serving in one file. No separate backend, no login.
The AI is @cf/meta/llama-3.3-70b-instruct-fp8-fast via Cloudflare Workers AI — a multilingual 70B model on the free tier, no API key. We chose it
for multilingual strength and structured-output reliability.
The most important file is src/prompt.ts. It carries (1) grounding knowledge — what legitimate Canadian remote jobs look like, trusted boards, and
verification sources (Job Bank, official career pages), IRCC/CRA context, and known scam patterns (WhatsApp recruiters, gift-card reimbursement, upfront
equipment fees, SIN harvesting); and (2) a JSON response_format schema so the model returns a typed object instead of prose we'd have to parse.
Input is validated at the boundary, with a graceful fallback if structured output fails.
Analysis runs on Cloudflare Workers AI (a third-party processor); the verifier stores nothing by default — only opt-in shared excerpts are stored, after
redaction. The Community Wall is backed by Cloudflare D1 (SQLite) behind four endpoints (/api/share, /api/feed, /api/react, /api/stats),
redacting contact identifiers server-side before any write. The feed is non-blocking — if D1 is down, the verifier still works.
We also ran a self-security-audit and hardened the app: per-IP rate limiting, body-size caps, security headers (CSP, X-Frame-Options), output-language allow-listing to mitigate prompt injection, and server-side redaction.
The frontend is vanilla HTML + Tailwind with a small script that highlights each flag's quote inline in your pasted text. No build step. One command to
deploy: npx wrangler deploy.
## Challenges We Ran Into
Designing for the legitimate case. Most scam tools find what's wrong. We also had to identify and explain what's right — green flags, quality signals, verification paths — which required grounding in what legitimate Canadian remote jobs actually look like.
Calibrating the legitimacy score. A Shopify posting should score very differently from a Gmail-only listing with no company name. Making the score meaningful and consistent — not just "high for anything alarming" — took careful grounding and testing.
Structured output across languages. The model sometimes replied in the system prompt's language instead of the user's. We iterated on explicit language-mirroring and fallback parsing.
Sharing without leaking. The Community Wall lets people warn each other without exposing contact details. Redaction runs server-side before any write; tuning it to be safe yet still leave the scam pattern recognizable, took care.
## Accomplishments That We're Proud Of
- We identify legitimate opportunities, not just scams — green flags, quality signals, a legitimacy score. This is the core of the theme, and it works.
- Per-opportunity verification checklist — specific to the role you pasted, not a generic list.
- Multilingual without configuration — and an optional output-language selector so you can read the verdict in your own language.
- Privacy by design, for real — verifier stores nothing by default; only opt-in, server-side-redacted excerpts are saved.
- Zero infrastructure overhead — one Worker, one model, one deploy command, entirely on the free tier.
- It teaches — every analysis ends with a takeaway, so people need us less over time.
- The Community Wall turns one catch into collective protection — opt-in, PII-redacted, real-time.
## What We Learned
The positive case is harder than the negative. Explaining why something is suspicious is straightforward; giving someone the confidence to trust a legitimate offer takes a richer knowledge base and careful calibration.
Grounding beats model size. A domain-grounded prompt for the Canadian newcomer context outperforms a generic prompt even on a larger model.
src/prompt.ts is the product, not just config.
Privacy framing resonates. "Your message is never stored" isn't just good engineering — it's a trust signal that matters deeply to this population.
Responsible AI means explicit uncertainty. For borderline cases, we surface "questionable" honestly rather than forcing a binary — more useful than false confidence.
## What's Next
- Community Wall v2 — filter by category, language, and region; trending-scam alerts; moderation tooling
- Job Bank integration — pull and pre-verify postings from jobbank.gc.ca in bulk
- Browser extension & WhatsApp bot — verify a posting in-context, no copy-paste
- Settlement-agency portal — bulk verification + reporting for ACCES Employment, COSTI, and similar orgs
- Protexxa integration — behavioral risk scoring for newcomer onboarding
- Expanded languages — Punjabi, Tagalog, Arabic, priority next
Educational tool — for guidance only, not legal or financial advice. Always verify job postings through official channels. Report fraud to the Canadian Anti-Fraud Centre. Verify government communications at canada.gc.ca.
Built With
- cloudflare
- cloudflare-d1
- cloudflare-workers
- html
- javascript
- llama-3.3
- sqlite
- tailwindcss
- typescript
- workers-ai
Log in or sign up for Devpost to join the conversation.