Methodology
Risk scoring
Each scan produces a 0–100 risk score from weighted fraud signals (high-severity signals such as OTP-sharing requests, fake-payment/QR, and suspicious links weigh more than warnings), entity risk (link shorteners, UPI handles, phone numbers), and brand-impersonation findings.
Confidence calibration
We deliberately avoid over-confidence: a strong claim on thin evidence is pulled toward neutral and its confidence reduced; corroborating evidence (multiple independent signals, a match to a known scam campaign, deep AI-vision agreement) raises confidence. Low-text inputs fall back to a “needs review” state.
Brand impersonation
Domains and emails are tested for typosquatting (edit distance), homoglyph/punycode attacks, separator insertion, wrong-TLD clones, and deceptive subdomains against a watched brand list. Verified first-party and official domains are recognised and not flagged unless strong fraud signals are present.
Known-scam matching
Extracted text is embedded and compared (vector similarity) against a corpus of known scam campaigns, so a new message can be linked to an existing pattern with a confidence band.
Limits
ScamCheck is automated and can produce false positives and false negatives. It is decision support, not a guarantee. Always verify through official channels, and never share OTPs, PINs, or passwords. This is not legal or financial advice. Built by A Square Solutions.