Scan My SMS

Get the confidence you need from your SMS. Our platform strives to address the challenge of distinguishing genuine SMS messages from fraudulent ones, which can be extremely challenging.

Comment

Inspiration

In Israel, the issue of scammers utilizing SMS to spread deceptive and fraudulent campaigns has become a significant concern. These unscrupulous individuals target unsuspecting individuals through text messages, attempting to trick them into divulging personal information or falling for their deceitful schemes.

The magnitude of this problem is evident in the frequency of inquiries received on a daily basis. People from all walks of life, ranging from concerned citizens to businesses and organizations, find themselves questioning the legitimacy of the SMS messages they receive. The pervasive nature of these scam campaigns has created a sense of uncertainty and caution among the population, as they strive to protect themselves from potential harm.

We wanted to solve this problem for our community - that's why we opened ScanMySMS as a volunteering project, for free of-course.

What it does

Our platform is specifically designed to prioritize the safety and security of SMS messages. As part of our comprehensive approach, we have implemented a robust scanning mechanism to meticulously examine the URLs embedded within these messages.

Our platform will scan the links within the SMS via multiple methods:

  • Chromium based automation using Playwright to navigate through all pages and redirects.
  • Third-party reputation websites (powered by Pangea.Cloud)
  • Certificate checking
  • Army of volunteers that enhance detection by manually checking suspicious URLs in case the automation failed to detect it.

Our team constantly updates our extensive database of known malicious URLs, staying ahead of the ever-evolving tactics employed by scammers and cybercriminals. This proactive approach ensures that our platform remains highly effective in safeguarding users from potential phishing attempts, malware distribution, and other fraudulent activities.

With our platform, users can confidently engage with SMS messages, knowing that our rigorous scanning process is working tirelessly in the background to shield them from potential threats. We remain dedicated to the ongoing enhancement of our scanning capabilities, employing cutting-edge technologies to combat emerging risks and ensure the utmost safety of our users' digital experiences.

How we built it

Our product consists of two primary services:

Server - Powered by NextJS, this server hosts the product and handles communication with our database. It is responsible for serving all the necessary APIs required by the frontend and the scraping worker.

Worker - This service retrieves pending websites from the server, conducts website validation using a Chromium browser (with Playwright), communicates with Pangea.Cloud APIs to enhance the data, and subsequently returns the enriched information back to the server.

We are using four types of APIs from Pangea.Cloud:

  • Geolocation services (based on IP)
  • URL reputation
  • Domain reputation
  • IP reputation

Challenges we ran into

While building our project we ran into multiple challenges. For example:

  • How to efficiently process malicious URLs and scan the websites behind them.
  • How to utilize modern headless browsers in a safe and efficient way,
  • How to protect our systems from malicious attacks and exploits.

Accomplishments that we're proud of

We are very proud in the final product. It can reliably scan and provide verdict to users who just want to know the legitimacy of their SMSs. The Playwright automation combined with Pangea.Cloud reputation APIs enable us to provide best-in-class verdicts to our community.

We are also very proud in the "army" of volunteers we were able to gather that believe in our mission.

What we learned

Through this project we learned quite a bit! we learned how to work with modern chromium based automation and how to efficiently harness it to our benefit. We also learned that detecting malicious URLs and websites is a real and challenging problem to solve.

What's next for Scan My SMS

  • Add Whatsapp and Telegram bots that users can easily interact with
  • Add "dashboard" page to easily manage all SMS
  • Improve our Playwright automation to ignore certain types of media such as ads, movies, etc. mostly to save bandwidth.
  • Add more volunteers to our Telegram management group to classify links that "fell between the cracks" and couldn't be classified automatically.

Input Examples

Good SMS - Whitelisted

Walter, your package has arrived. The package tracing code is XYZ123. Please tap here to confirm your shipment address - https://tinyurl.com/scanmysmsdemogood

Good SMS - API benign

Walter, your package has arrived. The package tracing code is XYZ123. Please tap here to confirm your shipment address - https://google.com

Bad SMS - Malicious (real)

CONGRATULATIONS! You won the lottery. Your friend Daniel wants to connect with you. Both of you can redeem the prize when you APPLY HERE: https://rb.gy/fbrod

Built With

Share this project:

Updates