Inspiration
Seeing our own parents being unsure of whether the message is a legitimate one, whether they should click on a link, or whether they should pick up a call, spurred us to create this tool. We understand that scammers tend to target the older population more, preying on their relatively low digital-savvy skills and higher savings. We figured if this tool can help our parents, it can help millions of people too.
What it does
ScamSense is a browser extension that protects users from phishing attacks and scams across popular communication platforms. It analyzes messages in real-time on WhatsApp Web, Telegram Web, Gmail, and Outlook providing instant threat assessments with actionable recommendations. ScamSense distinguishes between genuine threats, legitimate marketing, and casual conversations. Users receive color-coded alerts—red for high-risk scams with advice to "Block", "Report," or "Do not click on this link," which is a monumental advice for those who are unable to recognise scam emails, and green for safe conversational messages with "No Action Needed."
How we built it
ScamSense is a hybrid system combining a Chrome extension frontend with a Python FastAPI backend. The frontend uses content scripts to extract visible messages from active chat windows or email reading panes, employing platform-specific DOM selectors for each service. The backend leverages a Retrieval-Augmented Generation (RAG) architecture: ChromaDB stores known scam patterns (inheritance fraud, job scams, account suspension phishing), which are semantically searched when a new message arrives. This contextual knowledge is then fed to Gemini 3.0 Flash alongside the message content, enabling nuanced threat analysis. The backend returns a structured JSON response containing risk scores (0-100%), threat categories, sentiment exploitation types (Fear, Urgency, Greed), and specific recommended actions.
Gemini 3.0 Flash is the cognitive core of ScamSense. We used three critical features:
Contextual Analysis: Gemini doesn't just keyword-match; it understands semantic intent. By providing RAG-retrieved scam patterns as context, Gemini can identify subtle variations of known scams (e.g., inheritance fraud morphing from "UN/IMF compensation" to "lottery winnings").
Structured Output: We engineered precise prompts with JSON schema enforcement, ensuring Gemini returns consistent, parseable responses with risk scores, categories, and recommended actions. This reliability is essential for real-time UI rendering.
False Positive Intelligence: Gemini's internal knowledge base recognizes legitimate brands and their official domains without external search. When prompted to verify domain-brand alignment (Glassdoor sending from glassdoor.com), it correctly classifies marketing as Low Risk while flagging domain mismatches (e.g., glassd00r.com) as phishing.
Challenges we ran into
The most significant challenge was false positive reduction. Early iterations flagged legitimate emails from Glassdoor and LinkedIn as scams due to "unsolicited job offers" triggering urgency patterns. We solved this by enhancing the AI prompt to verify sender domain authenticity (e.g., noreply@glassdoor.com sending Glassdoor content) and explicitly categorizing verified legitimate senders as Low Risk.
Another challenge was multi-platform content extraction. WhatsApp Web's dynamic DOM structure required targeting div[role='row'] elements rather than just "copyable text," as the latter missed certain message types. Telegram Web had two versions (K and A) with different CSS class structures, necessitating fallback selector chains (.Message, .message, .bubble).
Rate Limits: Image generation is resource-intensive. To stay within API quotas, a "generate and store" strategy was implemented using Gemini. A 1-second cooldown was implemented on real-time requests.
Accomplishments that we're proud of
After many tries, the tool managed to accurately determine the sentiment behind the messages by scanning real time messages sent on WhatsApp/Telegram.
What we learned
False positives are more damaging than false negatives. Getting multiple false alarms will cause the user to stop trusting the tool entirely. We learned to prioritize precision (reducing false positives) over recall, especially for legitimate marketing emails and casual conversations.
- WhatsApp and Telegram change their DOM structures without notice. Building fallback selector chains and testing across platform versions ensured robustness. Lesson: Cross-platform tools require continuous maintenance, not just initial development.
What's next for ScamSense
ScamSense is a tool with a great amount of potential. We will be working on implementing this tool on Desktop apps such as Gmail and WhatsApp etc. This tool will then be optimised for a mobile interface, which can then be marketed and offered to users as a subscription model to protect them against scams.
Log in or sign up for Devpost to join the conversation.