Fraud & Social Engineering Analyzer

Paste a suspicious message, conversation, or offer. The analyzer scans for social-engineering principles (authority, scarcity, reciprocity), known scam playbooks (419, romance, pig butchering, tech support, money muling), manipulation markers (love-bombing, isolation, secrecy), and irreversible-payment red flags.

How to Use the Fraud Analyzer

  1. Paste the full message body, chat conversation, or job offer into the text area.
  2. The engine instantly groups findings by category: Social engineering, Scam playbook, Manipulation, Money / payment, Secrecy, Linguistic.
  3. Each signal includes an explanation of WHY this pattern matters and the matched evidence text.
  4. The aggregated risk score (0–100) tells you whether to throw the message away, reply with caution, or investigate further. A score above 45 generally means stop interacting.
  5. Use it together with the Phishing Detector (URL-aware) and the URL Scanner (link-only) for messages that contain links.

Taxonomy of Fraud Detected

Fraud is engineering. Like other engineering, it follows reusable blueprints. This analyzer recognizes the most common ones — the patterns that have repeatedly appeared across decades of consumer-fraud research, FBI/IC3 reports, FTC scam tracker corpora, and bank-side fraud telemetry.

**Cialdini's six principles of influence** are the foundation. Authority (impersonating a CEO, police, tax authority), scarcity ('only 3 spots left'), reciprocity (free gift before the ask), commitment, social proof, and liking. Most modern scams stack at least two — a 'CEO' (authority) emailing about an 'urgent deal that expires today' (scarcity).

**Scam playbooks** detected as composite patterns: the 419 / advance-fee scam ('inheritance + small fee to release'), romance scams (oil-rig deployment + medical emergency + wire transfer), pig butchering (guaranteed crypto returns + insider tips + fake friend success stories), tech-support scams ('your computer is infected' + AnyDesk install request), recovery scams (targeting prior victims with a 'refund department'), and crypto wallet drainers (seed-phrase or 'connect your wallet' requests).

**Money-related red flags** sit between playbook and standalone signal: irreversible payment requests (gift cards, Western Union, Bitcoin ATMs, 'PayPal friends and family', Bizum, Zelle) and money-mule recruitment ('work from home receiving and forwarding payments'). These are nearly diagnostic — legitimate transactions almost never funnel through these rails.

**Manipulation markers** detect the relational dynamics: love-bombing (intense affection from a stranger preceding a money request), isolation pressure ('your family won't understand', 'only I can help you'), and explicit demands for secrecy ('don't tell the bank'). These are used by romance scammers, abusive partners, and high-control groups alike — the analyzer flags the linguistic signature without diagnosing the cause.

**Linguistic flags** are weak alone but reinforcing in combination: stilted phrases like 'kindly do the needful', 'May God bless you', 'Sir/Madam' headers — recognizable as template residue from scam scripts that have been translated and reused for years.

No signal is conclusive on its own. The score combines them: high confidence comes from multiple categories triggering, not from any single hit.
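
The scoring idea described above (weighted regex signals, with confidence coming from several categories firing at once), sketched as an added example. It is not PwnDeck's code: the patterns, weights and per-category bonus are assumptions, and only the 0–100 scale and the 45 cut-off are taken from this page.

```javascript
// Added illustration, not PwnDeck's pattern library: the regexes, weights and
// per-category bonus are assumptions. Only the 0-100 range and the "above 45"
// cut-off come from the page.
const SIGNALS = [
  { id: "authority", category: "Social engineering", weight: 10,
    why: "Claimed authority discourages the target from verifying the request",
    re: /\b(ceo|police|tax authority)\b/i },
  { id: "scarcity", category: "Social engineering", weight: 10,
    why: "Artificial deadlines push a decision before it can be checked",
    re: /\b(urgent(?:ly)?|expires today|only \d+ spots? left)\b/i },
  { id: "irreversible-payment", category: "Money / payment", weight: 30,
    why: "These rails cannot be charged back once the money has moved",
    re: /\b(gift cards?|western union|bitcoin atm|friends and family|bizum|zelle)\b/i },
  { id: "wallet-drainer", category: "Scam playbook", weight: 40,
    why: "No legitimate service needs a seed phrase",
    re: /\b(seed phrase|connect your wallet)\b/i },
  { id: "secrecy", category: "Secrecy", weight: 25,
    why: "Secrecy removes the people who would spot the fraud",
    re: /\b(don'?t tell (?:the bank|anyone|your family))\b/i },
  { id: "template-residue", category: "Linguistic", weight: 5,
    why: "Stock phrasing reused from translated scam scripts",
    re: /\b(kindly do the needful|may god bless you)\b/i },
];
const STOP_THRESHOLD = 45;   // page: "A score above 45 generally means stop interacting"
const CATEGORY_BONUS = 10;   // assumed reward for each additional category that fires

function analyze(text) {
  const findings = [];
  for (const { re, ...signal } of SIGNALS) {
    const match = re.exec(text);            // regexes are not /g, so exec is stateless
    if (match) findings.push({ ...signal, evidence: match[0] });
  }
  const categories = [...new Set(findings.map((f) => f.category))];
  const base = findings.reduce((sum, f) => sum + f.weight, 0);
  const bonus = Math.max(0, categories.length - 1) * CATEGORY_BONUS;
  const score = Math.min(100, base + bonus);
  return { score, stop: score > STOP_THRESHOLD, categories, findings };
}

// Constructed sample messages, not real correspondence.
const LOW = "Kindly do the needful and confirm receipt of the invoice.";
const STACKED = "This is the CEO. Urgent deal that expires today: " +
  "buy gift cards for the client and don't tell the bank.";
for (const msg of [LOW, STACKED]) {
  const r = analyze(msg);
  console.log(r.score, r.stop, r.findings.map((f) => `${f.category}: "${f.evidence}"`));
}
```

With these assumed weights the single linguistic hit stays far below the cut-off, while the second message crosses it because three categories fire together.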

Frequently Asked Questions

No. If you've been targeted, defrauded, or pressured, report to your local police, your bank's fraud line, and consumer-protection agencies (FTC in the US, AEPD/Policia Nacional in Spain, Action Fraud in the UK, IC3 for FBI). This analyzer helps you recognize the pattern; only authorities can investigate, freeze accounts, or pursue the perpetrators.

Severity reflects how diagnostic a pattern is. 'Kindly do the needful' is suspicious but appears in some legitimate Indian/SE Asian business correspondence. A direct request for a seed phrase, by contrast, is critical because no legitimate use case exists. Multiple low-severity signals stacking is what generates a high aggregate score.

The pattern library is bilingual (EN/ES) and catches the common cross-language scam keywords (e.g., brand names like PayPal, Microsoft, AnyDesk are universal). Other languages will trigger the brand and method patterns but not the linguistic ones. Open an issue on the project repo if you'd like additional languages added.

No. All pattern matching is regex-based and runs in JavaScript locally. There is no API call, no upload, no telemetry. You can paste private conversations or sensitive content with the same privacy guarantees as a local notepad.