Scamurai: AI-Powered Scam Detection

Tech Stack
Low Risk Scam
High Risk Scam
Training Dojo
Training Dojo Bad
Training Dojo Good
Training Dojo Results

Inspiration

As internet users, we’ve seen countless stories of elderly people where one suspicious link has led to a drained bank account. From fake refund emails to urgent "family in trouble" WhatsApp messages, online scams are everywhere. Yet, most users lack tools that warn them before it’s too late.

We asked ourselves:
“What if we could build an AI that warns you before you get scammed — and teaches you how to avoid it in the future?”

That question led us to build Scamurai — a lightweight Chrome extension that defends users from scams and trains them to recognize them independently.

What it does

Scamurai is a real-time scam detection and training tool, built into a simple Chrome extension. It:

Scans emails and messages in real time on platforms like Gmail and WhatsApp Web
Assigns a threat level (Low, Medium, High) using Gemini-powered analysis
Explains the red flags in plain English — like urgency, impersonation, or fake links
Trains users in a simulated “Scamurai Dojo” — where they practice identifying scams in realistic environments
Works without storing any personal data, respecting user privacy

Scamurai bridges the gap between passive tools and user awareness — combining detection and education in one tool.

How we built it

Scamurai combines two core systems: a browser extension and a React training app.

Browser Extension

Frontend: JavaScript, HTML, and CSS for the floating UI and popup interface
Content Scripts: Extracts visible text from Gmail and WhatsApp Web
Backend: Python Flask API handles routing and analysis
Gemini API: Used to analyze messages and return:
- Scam classification
- Risk level
- Explanation and red flags

Training Dojo

React frontend with styled-components for modular styling
Simulated email and chat environments with custom-built Gmail/WhatsApp-like components
Context-based state management for progress tracking
Feedback system with correct/incorrect explanation overlays
Custom loaders, animated transitions, and UI polish for accessibility

The AI integration was prompt-engineered to emphasize scam traits and produce non-technical explanations.
We focused on lightweight performance, seamless UX, and trustworthy AI outputs.

And the best part is, it speaks to you like a samurai!

Challenges we ran into

Precision in scam detection: Crafting Gemini prompts that balance false positives vs. user safety
Context awareness: Messages are short and nuanced — teaching the AI to detect intent required iteration
Dojo realism: Simulating Gmail and WhatsApp layouts in a way that feels familiar and functional
Performance: Making sure scans return results quickly without interrupting user experience
UX balance: Designing a UI that warns users clearly — without being intrusive or fear-driven

Accomplishments that we're proud of

Built a fully working scam detection pipeline with Gemini-generated reasoning and custom threat scoring
Developed a complete training simulator to improve long-term scam awareness
Created a system that works across two major platforms — Gmail and WhatsApp Web
Achieved a clean, non-invasive UI that’s friendly to non-technical users
Ensured privacy-first design — no message data is stored permanently

What we learned

This project taught us:

The importance of prompt engineering when working with general-purpose LLMs
How to turn natural language cues into structured scam detection
That protecting users isn’t just about technology — it’s about communicating clearly
How to balance AI automation with user control, especially for older users
That education and prevention go hand-in-hand when it comes to cybersecurity

Most importantly, we learned that real protection requires a layered approach — proactive detection + user empowerment.