Inspiration

Newcomers to Canada — immigrants, refugees, and international students — are disproportionately targeted by fraud. The reason is structural: they're often unfamiliar with how Canadian institutions like the CRA, IRCC, and banks actually communicate. Scammers exploit exactly that gap, frequently by implying that a tax problem or a paperwork issue could threaten someone's immigration status. A fake "CRA arrest warrant," an unlicensed consultant guaranteeing permanent residency, or a job offer asking someone to cash a cheque can feel especially convincing to people still learning the system.

As an international student myself, I’ve seen how confusing Canadian systems can initially feel, especially around immigration, taxes, banking, and official communication. That uncertainty creates the exact conditions scammers exploit. I didn’t want to build just another generic scam detector; I wanted to build something specifically grounded in Canadian fraud patterns and designed around the newcomer experience.

What it does

SafeRoute AI helps newcomers to Canada quickly determine whether suspicious messages, consultant claims, or job offers are legitimate or fraudulent.

A user pastes any suspicious message — an email, job offer, housing listing, immigration consultant claim, or text — and SafeRoute AI returns a structured analysis:

  • A risk score (0–100), risk level, scam category, and confidence level
  • A red flag breakdown, with each warning sign explained in plain English
  • A "Why this targets newcomers" explanation specific to that scam type
  • Recommended next steps that are safe and concrete
  • A visible citation of the Canadian source patterns the analysis relied on

It also includes a consultant verification feature. Users can check an immigration consultant by name or RCIC number against a CICC-style register, receiving a clear verdict — verified, suspended, revoked, or not found.

Crucially, the analysis flow links directly into verification. When a suspicious message involves a consultant, the result guides the user toward verifying them immediately.

The system also correctly handles legitimate messages as low-risk because a tool that labels everything a scam quickly becomes untrustworthy.

How I built it

SafeRoute AI is deliberately not just a thin wrapper around an LLM. It uses a three-stage pipeline:

  1. Grounding (RAG)
    A retrieval service scores a curated dataset of Canadian scam patterns sourced from the Canadian Anti-Fraud Centre, IRCC, the CRA, the RCMP, and the College of Immigration and Citizenship Consultants against the pasted text and surfaces the most relevant matches.

  2. LLM analysis
    Those grounded patterns are injected into a structured prompt so the model reasons from real Canadian fraud data rather than relying purely on its priors. The model runs in JSON mode, and every response is validated against a strict schema with retries on failure.

  3. Verification
    A separate service checks immigration consultants against a CICC-style register integrated directly into the workflow.

The frontend was built using React and Vite, while the backend uses Node.js and Express. The OpenAI API powers the analysis layer, and Zod handles schema validation. The frontend is deployed on Vercel and the backend on Render.

Challenges I ran into

The biggest challenge was avoiding the "AI wrapper" trap. I wanted the LLM to be one component of a larger system rather than the entire product. I solved this by building the grounding layer and consultant verification system as first-class features while also making the grounding visible in the UI so users can clearly see that the analysis is anchored in Canadian fraud data.

Getting reliable structured output from the LLM also required careful engineering. I used JSON mode, strict schema validation, and retry logic so malformed responses never break the experience.

I also did a verification pass on Canadian regulatory terminology during development, confirming for example that the immigration regulator is now the CICC and that licensed consultants are RCICs, so the product wouldn’t ship outdated information.

Finally, time constraints forced strict prioritization. I deliberately cut OCR, authentication, and database persistence so the core experience could feel polished and reliable within the hackathon timeline.

Accomplishments that I'm proud of

  • Building a genuine system around the LLM instead of a simple wrapper
  • Creating an analysis-to-verification workflow that turns detection into action
  • Designing the product to correctly identify both scam and legitimate messages
  • Building a calm, trust-focused interface for potentially anxious users
  • Making the grounding layer visible so users understand where the analysis comes from
  • Successfully deploying the full stack application publicly during the hackathon

What I learned

I learned that the most valuable AI systems are grounded ones. Connecting the model to curated, sourced knowledge makes the results far more reliable and trustworthy.

I also learned how important UX is for safety-focused products. Tone, clarity, calm design, and honest low-risk handling all directly influence whether users actually trust the result.

Most importantly, I learned the value of ruthless prioritization during hackathons. A smaller, polished, well-grounded product is significantly more impactful than an overly ambitious but unfinished one.

What's next for SafeRoute AI

  • Integrating the live CICC public register for real-time consultant verification
  • Expanding the scam-pattern dataset and adding embedding-based semantic retrieval
  • Adding multi-language support for newcomers more comfortable in other languages
  • Supporting OCR for screenshot-based scam analysis
  • Building a community-reported scam database to track emerging fraud patterns in real time

Built With

Share this project:

Updates