Scam Sherlock

Scam Sherlock is a web-based tool that allows users to detect scam websites. Simply paste any URL into the input field, and the website will scan it for suspicious indicators.

Comment

Inspiration

Phishing scams are becoming more convincing every year, and many people struggle to tell the difference between a legitimate website and a malicious one. We were inspired by the idea of giving everyday users a simple tool that could help them investigate suspicious links before clicking on them. It was important for us to build something accessible and easy to use. The goal was to create a website where anyone could paste a link or a suspicious message and quickly understand the level of risk.

What it does

Scam Sherlock is a web application that allows users to paste a URL into an input box and scan it for signs of phishing or scam behavior. The system fetches the website’s HTML and analyzes it using the Gemini API to detect indicators such as suspicious language, deceptive forms, and social engineering patterns. It assigns a risk score from 0 to 100 and explains why the site may be dangerous. Users can also paste entire paragraphs, such as emails, so the system can extract links automatically and analyze them.

How we built it

We built Scam Sherlock with a simple frontend interface that allows users to submit either a link or a block of text. On the backend, the application retrieves the website’s HTML content and other relevant data, then structures that information for analysis. We use the Gemini API to evaluate the content for phishing indicators and return a structured response containing a risk score and explanation. For paragraph input, we implemented link extraction logic to identify URLs within the text and process them individually before aggregating the results.

Challenges we ran into

One of the main challenges was reliably fetching website content, since some sites block automated requests or redirect in unexpected ways. The time for a Gemini API scan was something we also wanted to improve. We implemented a database using Supabase to cache previous URL analyses so we can use the data for repeat URLs. For our text analyzer, extracting links accurately from unstructured paragraphs added another layer of complexity.

Accomplishments that we're proud of

We are proud that we built a working AI-powered phishing detection tool within the limited time of a hackathon. The system not only produces a numerical risk score but also explains the reasoning behind it in clear language. We successfully implemented both direct URL scanning and paragraph-based link extraction. Most importantly, we created a tool that is simple enough for non-technical users while still using advanced AI analysis behind the scenes.

What we learned

Throughout this project, we learned that AI models require careful prompt design to behave reliably and consistently. We also gained a deeper understanding of how phishing attacks operate, including the psychological tactics and technical tricks scammers use. Building under hackathon time pressure taught us how to prioritize core functionality and iterate quickly. We also learned that security decisions are rarely binary and that representing risk as a spectrum can better reflect real-world uncertainty.

What's next for Scam Sherlock

In the future, we want to expand Scam Sherlock into a more comprehensive security tool. Features such as a real-time browser extension that automatically flags suspicious links as users browse would greatly improve the capabilities of the website. Our long-term goal is to make Scam Sherlock a widely accessible tool that helps reduce the impact of phishing and online scams for everyday users.

Built With

Share this project:

Updates