Scoring Overview

Each analysis starts at 0. Points are added when suspicious indicators trigger. Every triggered rule produces an evidence item explaining exactly why the score went up. Certain high-confidence combinations also apply minimum score floors to prevent dangerous signals from being diluted.

0–29: Low Risk
30–69: Medium Risk
70–100: High Risk
101+: Dangerous

When multiple high-confidence red flags appear together, scores are automatically escalated to a minimum floor. For example, 2+ high-confidence flags can escalate the minimum score to 70 (High Risk).

URL Analysis Rules

High Severity

Dangerous data: or javascript: URI | 95 floor
Homoglyph brand impersonation | +45 pts
Misleading trusted-name subdomain | +42 pts
Lookalike agency/brand domain | +40 pts
Government-like domain without .gov | +40 pts
Government payment impersonation pattern | +38 pts
Host is an IP address | +35 pts
Brand + keyword lookalike on suspicious TLD | +35 pts
Dangerous file extension (.exe, .dmg, .zip, etc.) | +35 pts
@ symbol in URL (credential trick) | +35 pts
Brand impersonation credential-bait pattern | +32 pts
Double file extension trick (e.g., .pdf.exe) | +30 pts
Punycode (xn--) in hostname | +30 pts
URL shortener detected | +28 pts
Suspicious TLD (.zip, .top, .xyz, .cfd, .sbs, etc.) | +25 pts

Medium Severity

Random-looking domain pattern | +22 pts
Credential-bait URL structure (verify/login + params) | +22 pts
Suspicious query parameters (3+) | +22 pts
Brand + keyword lookalike on common TLD | +20 pts
Excessive subdomains (4+) | +20 pts
Open redirect parameter | +18 pts
High-entropy URL segments | +18 pts
Non-standard port number | +15 pts
Base64-encoded data in URL | +15 pts
URL length ≥ 120 characters | +12 pts
6+ query parameters | +12 pts
Excessive hyphens in domain (3+) | +12 pts
Suspicious keywords in path (login, verify, etc.) | +10 pts base
Encoded URL characters (%XX) | +10 pts
Sensitive query parameters (1–2) | +10 pts

Low Severity

Not using HTTPS | +12 pts

Certain combinations automatically set a minimum score floor. For example, homoglyph brand impersonation + suspicious TLD sets a floor of 95.
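
The additive scoring, evidence items, and score floors described above can be sketched as follows. This is an added example, not the tool's own code: it implements only a handful of the URL rules with the point values listed on this page, reads "high-confidence flags" as the High Severity rules, approximates the subdomain count without a public-suffix list, and narrows the @ rule to the userinfo part of the URL.

```python
import ipaddress
from urllib.parse import urlsplit

SUSPICIOUS_TLDS = {"zip", "top", "xyz", "cfd", "sbs"}  # TLDs named on the page
BANDS = [(101, "Dangerous"), (70, "High Risk"), (30, "Medium Risk"), (0, "Low Risk")]

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def score_url(url):
    """Score a URL from its text alone (nothing is fetched).
    Returns (score, band, evidence); evidence items are (points, severity, reason)."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".") if host else []
    ip_host = is_ip_literal(host)
    try:
        port = parts.port
    except ValueError:  # malformed port: the port rule cannot be evaluated
        port = None
    evidence, floor = [], 0
    if scheme in ("data", "javascript"):
        floor = 95  # floor rule from the page; adds no points by itself
        evidence.append((0, "high", f"dangerous {scheme}: URI, floor 95"))
    rules = [  # (triggered, points, severity, reason)
        (ip_host, 35, "high", "host is an IP address"),
        (parts.username is not None, 35, "high", f"text before @ is not the host; real host is {host}"),
        (any(l.startswith("xn--") for l in labels), 30, "high", "punycode (xn--) in hostname"),
        (host.rpartition(".")[2] in SUSPICIOUS_TLDS, 25, "high", "suspicious TLD"),
        # Assumption: the registrable domain is the last two labels.
        (not ip_host and len(labels) - 2 >= 4, 20, "medium", "4+ subdomains"),
        (port not in (None, 80, 443), 15, "medium", f"non-standard port {port}"),
        (len(url) >= 120, 12, "medium", "URL length >= 120 characters"),
        (bool(host) and scheme != "https", 12, "low", "not using HTTPS"),
    ]
    evidence += [(pts, sev, why) for hit, pts, sev, why in rules if hit]
    # Assumption: "high-confidence" flags are the page's High Severity rules.
    if sum(1 for _, sev, _ in evidence if sev == "high") >= 2:
        floor = max(floor, 70)
    score = max(sum(pts for pts, _, _ in evidence), floor)
    band = next(name for low, name in BANDS if score >= low)
    return score, band, evidence
```

With the constructed input `https://xn--pple-43d.example.xyz/`, the two triggered rules sum to 55 points, and the floor raises the result to 70 (High Risk).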

Email Analysis Rules

High Severity

DMARC authentication failed | +30 pts
Display name impersonates brand (domain mismatch) | +30 pts
SPF authentication failed | +25 pts
Phishing-pattern sending domain | +25 pts
Trusted brand/agency impersonation in sender name | +25 pts
DMARC + SPF dual failure (stacking bonus) | +22 pts
Threat or urgency subject line | +22 pts
Credential-bait subject + suspicious sender domain | +22 pts
Authority figure impersonation in sender | +22 pts
From / Return-Path domain mismatch | +20 pts

Medium Severity

DKIM authentication failed | +18 pts
Scarcity or false urgency in subject | +18 pts
Reciprocity or false reward in subject | +16 pts
Reply-To domain mismatch | +15 pts
Bulk email without unsubscribe + domain mismatch | +15 pts
SPF softfail | +12 pts
5+ routing hops | +12 pts
Message-ID domain mismatch | +8 pts

Multi-signal stacking bonuses add extra points when authentication failures, domain mismatches, impersonation, and threat language appear together.

Message Analysis Rules

The message checker analyzes text for scam patterns across multiple categories. It also detects URLs within messages and applies link-based checks.

High Severity

Crypto wallet / seed phrase phishing | +45 pts
Gift card purchase and send request | +40 pts
Government claim with non-.gov link | +40 pts
Threats or penalty language (suspended, locked, arrest) | +38 pts
Immediate payment demand (wire, gift card, crypto) | +35 pts
Family member claiming new number + money request | +35 pts
Fake check overpayment scam pattern | +35 pts
Business executive impersonation + payment request (BEC) | +35 pts
Brand claim with mismatched domain | +34 pts
OTP/2FA code theft attempt | +35 pts
Toll or parking fine scam (EZPass, SunPass, etc.) | +32 pts
Account security verification bait | +32 pts
Unsolicited charge/payment notification | +32 pts
Crypto/investment scam pattern | +32 pts
Family emergency / grandparent scam | +32 pts
Advance fee fraud (fee to release funds) | +32 pts

Medium Severity

Phone callback scam pattern | +30 pts
Fake unauthorized activity alert | +30 pts
Romance / relationship scam pattern | +30 pts
Tech support scam pattern | +30 pts
Rental scam payment pattern | +30 pts
Package delivery scam with action bait | +30 pts
SIM swap / phone porting alert | +30 pts
Urgent wire transfer bypassing normal processes | +30 pts
Fear-based manipulation (arrest, criminal charges) | +30 pts
Risky domain extension in link (.click, .top, .xyz) | +28 pts
Government/brand impersonation cues | +28 pts
Bait language (refund, prize, lottery, inheritance) | +28 pts
Dollar amount transaction claim | +28 pts
Job/employment scam pattern | +28 pts
Payment detail change request (vendor fraud) | +28 pts
Charity / disaster relief scam | +28 pts
Lottery or sweepstakes scam opening | +28 pts
Redelivery fee scam | +28 pts
Misspelled brand name (homoglyph in text) | +25 pts
Account “on hold” pressure tactic | +25 pts
Urgency pressure language | +25 pts
Fake official/legal wording | +25 pts
Direct money request pattern | +25 pts
Fake carrier verification request | +25 pts

Lower Severity

Suspicious/masked link | +22 pts
Download or click bait | +22 pts
Scarcity / false urgency tactic | +22 pts
Reciprocity / false reward tactic | +22 pts
Fake receipt or invoice lure | +20 pts
Secrecy or isolation tactic | +22 pts
Reply-to-confirm smishing pattern | +18 pts
Pig butchering grooming pattern | +18 pts
Phone number paired with urgency | +18 pts
Excessive ALL-CAPS | +15 pts
Toll-free callback number | +15 pts
Disaster-themed solicitation | +15 pts

When multiple scam tactics appear together (e.g., impersonation + payment demand, or romance + payment), stacking bonuses add extra points and can set minimum score floors up to 80.

Phone Number Analysis Rules

The phone number checker is designed for U.S. phone numbers only. It validates numbers against NANPA (North American Numbering Plan) rules, FTC/FCC robocall data, and known scam patterns. Results are not always accurate — always verify callers independently.

High Severity

900/976 premium-rate number | +50 pts
Unassigned or reserved area code (N11 codes, 555, etc.) | +35–40 pts
All-zeros or all-nines number | +40 pts
555-01XX fictional number range | +35 pts
Invalid NANPA area code (starts with 0 or 1) | +30 pts
Caribbean/high-cost one-ring scam prefix | +30 pts
Repeating digit pattern (5+ in a row) | +25 pts
Invalid NANPA exchange code (starts with 0 or 1) | +25 pts

Medium Severity

Toll-free number (800/888/877/866/855/844/833) | +20 pts
Sequential digit pattern | +20 pts
International (non-US) number | +20 pts
Wrong digit count for US number | +15–20 pts
Repeating last 4 digits | +15 pts
Government spoof area code (202, 571, 703, etc.) | +15 pts
Palindrome digit pattern | +12 pts
High-volume robocall area code (FTC/FCC data) | +10 pts

Phone number analysis uses NANPA formatting rules, FTC/FCC robocall complaint data, and pattern-based heuristics. This tool does not look up numbers in real-time databases — it checks structural indicators only.
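
The structural checks described above need only the digits of the number. The sketch below is an added example, not the tool's own code: it covers the rules that can be decided from the digits alone, uses the point values listed on this page, reads the 900/976 rule as area code 900 or exchange 976, and assumes the low end (15) of the wrong-digit-count range.

```python
import re

TOLL_FREE = {"800", "888", "877", "866", "855", "844", "833"}

def score_phone(raw):
    """Structural checks on a U.S. number; no database or carrier lookup.
    Returns (score, evidence); evidence items are (points, reason)."""
    digits = re.sub(r"\D", "", raw)
    if raw.strip().startswith("+") and not digits.startswith("1"):
        return 20, [(20, "international (non-US) number")]
    if len(digits) == 11 and digits[0] == "1":
        digits = digits[1:]  # drop the NANP country code
    if len(digits) != 10:
        # The page gives +15-20 for this rule; 15 is an assumed choice.
        return 15, [(15, f"wrong digit count for a US number ({len(digits)})")]
    area, exchange, line = digits[:3], digits[3:6], digits[6:]
    rules = [  # (triggered, points from the page, reason)
        (set(digits) in ({"0"}, {"9"}), 40, "all-zeros or all-nines number"),
        # Assumed reading of the 900/976 rule: area code 900 or exchange 976.
        (area == "900" or exchange == "976", 50, "900/976 premium-rate number"),
        (exchange == "555" and line.startswith("01"), 35, "555-01XX fictional range"),
        (area[0] in "01", 30, "invalid area code (starts with 0 or 1)"),
        (exchange[0] in "01", 25, "invalid exchange code (starts with 0 or 1)"),
        (bool(re.search(r"(\d)\1{4}", digits)), 25, "same digit 5+ times in a row"),
        (area in TOLL_FREE, 20, "toll-free number"),
        (len(set(line)) == 1, 15, "repeating last 4 digits"),
    ]
    evidence = [(pts, why) for hit, pts, why in rules if hit]
    return sum(pts for pts, _ in evidence), evidence
```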

Advanced Rules (Access Code)

Access-code users get additional analysis layers that improve detection depth.

🛡 Google Safe Browsing

URL flagged for malware, phishing, or unwanted software | +55 pts

🔎 AlienVault OTX

Domain/IP appears in 2+ active threat pulses | +15–40 pts

🚩 AbuseIPDB

Host IP has abuse-confidence score ≥ 25/100 | +15–40 pts

🌐 Domain Reputation Signals

Domain registered < 30 days ago | +25 pts
Domain registered < 90 days ago | +15 pts
Privacy-protected registrant | +5 pts

Limitations

These tools use heuristic analysis — they check for indicators of suspicious behavior, not definitive proof. A high score does not guarantee a scam, and a low score does not guarantee safety. The URL checker does not load or execute content from URLs, and email header parsing may not cover all edge cases. The phone number checker is designed for U.S. phone numbers only and uses structural pattern analysis — it does not query real-time databases or carrier records.

Safety Notes

Never visit suspicious URLs directly. This tool analyzes URLs without loading them in your browser. Use a sandboxed environment for deeper investigation.

Do not submit sensitive data. This is a static analysis tool. Don't paste passwords, personal info, or production credentials.