Team Name

Tanya Drakalski

Team Members

Project Description

ScamLens Pro represents the future of scam detection - combining government guidance, community intelligence, and advanced AI to protect Australians from scams while minimising false positives.

Data Story

ScamLens Pro — Building Digital Confidence, One Page at a Time

A working, privacy-first Chrome extension that helps Australians spot and report scams in real time.

Why this matters (Australia, at a glance)

Scams are a daily reality for Australians and a major barrier to meaningful participation online. Losses remain high and reports are widespread. Older Australians (65+) report the highest losses, followed by adults in mid-life — groups often targeted by fast-moving, sophisticated scams.

Screenshots below are taken from Scamwatch statistics.

The challenge I’m addressing

How can communities, governments and organisations enhance digital safety and trust to protect vulnerable populations and enable secure, meaningful engagement with digital platforms and data?

I answer this with a deployable tool that works where harm occurs — in the browser, at the moment of risk — while grounding decisions in government data and open-source threat intelligence.

What ScamLens Pro is

Privacy-first Chrome extension that flags risky websites and messages in-context, explains why they look suspicious based on data ingested from Australian government websites and guides Australians to what to do next in two clicks.

ScamLens Pro is live and working as a Chrome extension today.

What it looks like in action

What you’re seeing: a clear banner (Green / Amber / Red) explaining why the page looks suspicious, Patterns highlighted to show the exact cues, and a one-click path to Report to Scamwatch.

🎯 The Detection Process

🔍 First Line of Defence — Community Watchdogs

• We check every website you visit against lists of known bad sites.
  
• These lists are maintained by security experts and volunteers worldwide.
  
• Think of it like checking if someone is on a “most wanted” list.

🤖 Second Line — AI Brain Analysis

• Our AI system reads the content of web pages like a human would.
  
• It looks for suspicious patterns, urgency tactics, and scam language.
  
• It learns from your ACCC and Scamwatch rules to understand Australian scams.

🛡️ Third Line — Smart Context Checking

• We analyse the context: Is this a trusted website? Does the request make sense?
  
• We check if the website is trying to rush you or pressure you.
  
• We look for red flags like requests for gift cards or unusual payment methods.

📊 Final Decision — Confidence Scoring

• All the information is combined to give you a risk score.
  
• Red = High risk, Amber = Medium risk, Green = Low risk.
  
• We explain exactly why we flagged something and what you should do.

🛠️ Open-Source Libraries & Services We Use

Think of these like trusted tools that help us detect scams — similar to how a security guard uses different equipment to protect a building.

🔍 Phishing Detection Services (the “Watchdogs”)

1. URLHaus (Community Blocklist) — https://urlhaus.abuse.ch

   • What it is: A free service that collects known bad websites from around the world.
     
   • How it works: Like a neighbourhood watch — people report suspicious websites, and we check against this list.
     
   • Why it’s useful: Catches websites already flagged by security researchers.

2. PhishTank (Community-Driven Detection) — https://phishtank.org

   • What it is: A free database of phishing websites maintained by volunteers and security experts.
     
   • How it works: Similar to URLHaus, but specifically focused on phishing (fake login pages, etc.).
     
   • Why it’s useful: Helps catch fake banking sites, fake social media logins, and other phishing attempts.

3. OpenPhish (Automated Detection) — https://openphish.com

   • What it is: A free service that automatically finds and lists phishing websites.
     
   • How it works: Uses automated scanners to find suspicious patterns across the internet.
     
   • Why it’s useful: Catches new phishing sites quickly, often before humans report them.

4. Cisco Talos Intelligence (Enterprise Security) — https://www.talosintelligence.com/reputation

   • What it is: A free threat intelligence feed from Cisco, a major cybersecurity company.
     
   • How it works: Provides lists of known malicious IP addresses and domains.
     
   • Why it’s useful: Adds enterprise-grade security intelligence to our detection.

5. Emerging Threats (Community Rules) — https://community.emergingthreats.net

   • What it is: A free, community-maintained database of security rules and threat indicators.
     
   • How it works: Security experts worldwide contribute rules for detecting various threats.
     
   • Why it’s useful: Keeps us updated with the latest threat patterns and attack methods.

Who benefits (and how)

• Older Australians & new internet users: calm, plain-English guidance at the moment of risk
  
• Community organisations & government services: greater trust and uptake of digital channels
  
• Educators & support workers: a practical tool to teach safe online behaviour using real, in-the-wild examples

What happens after a detection?

• I show the reasons (e.g., misspelt domains, gift-card payment requests, brand impersonation)
  
• I highlight patterns directly on the page to teach the tell-tales
  
• I guide next steps (don’t pay, don’t click, verify with the organisation)
  
• I provide a two-click path to report to Scamwatch (pre-filled where possible)

What’s next (practical, scalable steps)

• Senior-friendly rollout: bundle ScamLens Pro for libraries, community centres and aged-care digital support
  
• Browser/ISP partnerships: pre-install or recommend at first-run to reach non-technical users
  
• Education kits: short lessons using real page highlights; translate for multilingual communities