How ScamVerify Works - AI Scam Detection Explained

ScamVerify
Menu
How ScamVerify Works

ScamVerify™ checks phone numbers, websites, text messages, emails, documents, and QR codes against federal databases, carrier records, threat intelligence, and AI. We show you exactly what we found and why.

Three steps. Any channel. Enter a phone number, paste a URL, upload a document or QR code, or submit a suspicious text message or email. ScamVerify™ automatically detects the threat type, cross-references multiple independent data sources in parallel, and delivers a risk score with a detailed AI-generated explanation. You see exactly what each source found.

Step 1

Submit a Threat

Enter a phone number, paste a URL, upload a document or QR code, or submit a suspicious text message or email. ScamVerify™ automatically detects the threat type and routes it to the right verification pipeline.

Step 2

We Analyze It

We cross-reference multiple independent data sources in parallel. Federal complaint databases, carrier records, threat intelligence feeds, and AI analysis all run simultaneously to build a complete picture.

Step 3

Get Your Verdict

See a risk score from 0 to 100, a clear verdict, and a detailed AI-generated explanation. We show you exactly what each data source found so you can make an informed decision.

Verification by Channel

Phone Number Verification

Enter any U.S. phone number to get a comprehensive risk assessment. We check the number against federal complaint databases, verify the carrier and line type, scan robocall databases, and run AI analysis to synthesize everything into a clear verdict.

Data Sources Used

  • FTC Do Not Call complaint records
  • FCC Consumer Complaints database
  • Twilio carrier verification (carrier name, line type, CNAM, network status)
  • Industry robocall detection database
  • Threat intelligence scan (fraud scoring, risk signals)
  • AI synthesis engine
  • Community reports

What We Check

  • Is this number associated with known scam operations?
  • How many federal complaints have been filed against it?
  • Is the carrier a high-risk VoIP provider commonly used by scammers?
  • Is the number valid, or is caller ID being spoofed?
  • Is the number actually active on the carrier network, or disconnected?
  • What are other users reporting about this number?

Website / URL Verification

Paste any URL to check if a website is safe. We analyze the domain registration, SSL certificate, redirect chains, and check against multiple threat databases. Our AI examines the full context to identify phishing sites, malware distribution, and brand impersonation.

Data Sources Used

  • Google Web Risk (phishing, malware, social engineering)
  • URLhaus threat intelligence (malware distribution URLs)
  • RDAP domain registration (domain age, registrar, expiration)
  • SSL certificate validation
  • Redirect chain analysis
  • Brand impersonation detection
  • Threat intelligence scan
  • AI synthesis engine
  • Community reports

What We Check

  • Is this URL flagged for phishing, malware, or social engineering?
  • How old is the domain? (New domains are higher risk)
  • Does the URL redirect through suspicious intermediate sites?
  • Is the SSL certificate valid and properly configured?
  • Is this site impersonating a well-known brand?
  • What are other users reporting about this website?

Text Message / SMS Verification

Paste a suspicious text message to have it analyzed. We automatically extract any phone numbers and URLs from the message, run each through our full verification pipelines, then use AI to analyze the message content for common scam patterns like urgency tactics, phishing language, and impersonation attempts.

Data Sources Used

  • Automatic URL extraction and website verification
  • Automatic phone number extraction and phone verification
  • Sender number verification (if provided)
  • Scam pattern detection (urgency, impersonation, phishing)
  • AI synthesis engine

What We Check

  • Does the message contain suspicious URLs? (Each is verified independently)
  • Does the message contain phone numbers? (Each is verified independently)
  • Is the sender number associated with known scam operations?
  • Does the language use urgency tactics or impersonation?
  • Does it match known scam templates (package delivery, bank alerts, IRS)?

Email Verification

Paste a suspicious email on the web or forward it to scan@scamverify.ai for instant analysis. We extract the sender domain, check its registration history, parse email headers for authentication failures, extract and verify all embedded URLs and phone numbers, and use AI to identify phishing attempts, business email compromise, and social engineering.

Data Sources Used

  • Sender domain RDAP (domain age, registrar, registration history)
  • Email header parsing (SPF, DKIM, DMARC authentication)
  • Automatic URL extraction and website verification
  • Automatic phone number extraction and phone verification
  • Scam pattern detection
  • AI synthesis engine

What We Check

  • Is the sender domain newly registered? (Common for phishing)
  • Do the email headers show authentication failures (SPF, DKIM, DMARC)?
  • Does the email contain suspicious URLs? (Each is verified independently)
  • Is this a business email compromise or impersonation attempt?
  • Does the content match known phishing templates?

Document Verification

Upload a photo of any suspicious document for AI-powered verification. Our vision AI extracts every verifiable entity (phone numbers, URLs, QR codes, addresses, official names, legal citations, case numbers) and checks each against government databases, threat intelligence, and court records.

Data Sources Used

  • Vision AI entity extraction (GPT-4o)
  • Automatic phone number extraction and phone verification
  • Automatic URL extraction and website verification
  • Automatic QR code decoding and URL verification
  • Address and jurisdiction validation
  • Scam pattern detection (fake warrants, impersonation, overpayment)
  • AI synthesis engine

What We Check

  • Does the document contain phone numbers linked to known scam operations?
  • Are any embedded URLs or QR codes pointing to malicious sites?
  • Do the official names, case numbers, and jurisdictions check out?
  • Does the document match known scam templates (fake warrants, IRS letters)?
  • Are there red flags like spelling errors, mismatched logos, or pressure tactics?

QR Code Verification

Upload a photo of any QR code to verify the destination URL before scanning it. We decode the QR code, extract the embedded URL, and run it through our full website verification pipeline including Google Web Risk, URLhaus, domain intelligence, and AI analysis.

Data Sources Used

  • QR code decoding (jsQR)
  • Google Web Risk (phishing, malware, social engineering)
  • URLhaus threat intelligence (malware distribution URLs)
  • RDAP domain intelligence (domain age, registrar)
  • SSL certificate validation
  • Brand impersonation detection
  • AI synthesis engine

What We Check

  • Where does this QR code actually lead?
  • Is the destination URL flagged for phishing, malware, or social engineering?
  • Is the domain newly registered? (Common for quishing attacks)
  • Does the URL redirect through suspicious intermediate sites?
  • Is this QR code impersonating a legitimate brand or service?

Our Data Sources

We pull from 11 independent data sources across all channels. Every source is shown in your results so you can see exactly what was checked.

FTC Do Not Call Registry

Over 1.6 million consumer complaints about unwanted calls, robocalls, and telemarketing violations. We sync this data hourly via automated pipelines.

Used by: Phone, Text, Document

FCC Consumer Complaints

Reports filed directly with the Federal Communications Commission dating back to 2014. Covers unwanted calls, robocalls, and telemarketing violations.

Used by: Phone, Text, Document

Twilio Carrier Forensics

Real-time carrier verification including carrier name, line type (mobile, landline, VoIP), caller ID (CNAM), and network status (active, inactive, reachable). Disconnected numbers and VoIP numbers from high-risk carriers are automatically flagged.

Used by: Phone, Text, Document

Robocall Detection Database

Industry database tracking millions of known robocaller numbers, updated daily. Identifies automated calling operations, phone spam campaigns, and known robocall networks.

Used by: Phone

Google Web Risk

Google's threat database covering phishing sites, malware distribution, and social engineering URLs. Updated continuously based on billions of web pages scanned daily.

Used by: Website, Text, Email, Document, QR Code

Global Threat Intelligence

Community-sourced malware URL database tracking active malware distribution URLs, botnet command-and-control servers, and payload hosting sites.

Used by: Website, Text, Email, Document, QR Code

RDAP Domain Intelligence

Domain registration data including creation date, registrar, and expiration. Newly registered domains (under 30 days) are a strong indicator of phishing and scam operations.

Used by: Website, Email, QR Code

SSL Certificate Analysis

Validates SSL/TLS certificates including issuer, expiration, and configuration. Missing or invalid certificates on sites requesting sensitive information is a major red flag.

Used by: Website, QR Code

Threat Intelligence Scan

Proprietary threat scoring that aggregates multiple risk signals including fraud likelihood, bot activity, and historical abuse patterns across phone numbers and URLs.

Used by: Phone, Website, Document

AI Synthesis Engine

Multi-model AI that synthesizes all data sources into a plain-English risk assessment. The AI explains exactly what the data shows, what each source found, and what it means for you.

Used by: All channels

Community Reports

Real reports from users who have encountered scam calls, phishing websites, and fraudulent messages. Every report you submit helps protect others in the community.

Used by: Phone, Website

Understanding Risk Scores

Every check produces a risk score from 0 to 100 based on the combined evidence from all data sources.

0-25Low Risk

Likely safe. No significant risk indicators found across any data source.

26-50Moderate Risk

Use caution. Some risk indicators present. Proceed carefully and verify independently.

51-75High Risk

Likely a scam. Multiple risk indicators detected across data sources.

76-100Critical Risk

Confirmed threat. Do not engage, click, or respond.

What Affects the Score

Phone Numbers

  • Number of FTC and FCC complaints filed
  • Carrier type (VoIP from high-risk carriers scores higher)
  • Network status (disconnected numbers indicate spoofing)
  • Robocall database flags
  • Threat intelligence fraud score
  • Number validity (invalid = spoofed = 100/100)
  • Volume and severity of community reports

Websites / URLs

  • Google Web Risk threat flags (phishing, malware)
  • URLhaus malware database matches
  • Domain age (under 30 days = high risk)
  • SSL certificate validity and configuration
  • Suspicious redirect chains
  • Brand impersonation patterns
  • Threat intelligence fraud score

Text Messages

  • Risk scores of any extracted URLs (verified independently)
  • Risk scores of any extracted phone numbers
  • Sender number risk (if provided)
  • Urgency language and pressure tactics
  • Known scam template matching (package, bank, IRS)
  • Impersonation and phishing patterns

Emails

  • Sender domain age and registration history
  • Email authentication failures (SPF, DKIM, DMARC)
  • Risk scores of any extracted URLs
  • Risk scores of any extracted phone numbers
  • Business email compromise indicators
  • Phishing template and social engineering patterns

Documents

  • Risk scores of any extracted phone numbers
  • Risk scores of any extracted URLs or QR codes
  • Jurisdictional and official name validation
  • Known scam template matching (fake warrants, IRS letters)
  • Visual red flags (spelling errors, mismatched logos, seals)
  • Pressure tactics and urgency language

QR Codes

  • Destination URL threat flags (phishing, malware)
  • URLhaus malware database matches
  • Domain age of the destination (under 30 days = high risk)
  • SSL certificate validity of destination site
  • Suspicious redirect chains
  • Brand impersonation patterns

Note: Invalid phone numbers automatically receive a 100/100 risk score because they indicate caller ID spoofing. URLs flagged by Google Web Risk for malware or phishing receive significantly elevated scores. The AI synthesis layer considers all signals together, so a number with 50 FTC complaints and a high-risk VoIP carrier will score higher than one with a single complaint on a legitimate carrier.

The power of community reports. Your reports directly impact risk scores and help protect others. When you report a scam call or a phishing website, you are contributing to a database that helps the entire community identify and avoid similar threats. Community reports are especially valuable for catching new scams that have not yet been flagged by federal databases.

Important Limitations

We believe in being transparent about what we can and cannot do. No scam detection tool is perfect, and understanding these limitations helps you use ScamVerify™ effectively.

What We Cannot Do

  • Guarantee 100% accuracy on any check
  • Detect every scam, especially brand-new ones
  • Verify the actual identity of callers or site owners
  • Block calls, texts, or emails on your device
  • Guarantee a website is safe to transact on
  • Analyze content in languages other than English

Always Use Caution

  • Never give personal or financial information to unknown callers
  • Do not click links in suspicious texts or emails
  • If something feels wrong, trust your instincts
  • When in doubt, contact the organization directly using a number from their official website
  • A low risk score does not mean something is guaranteed safe

Report scams to the FTC: If you have been targeted by a scam, report it at reportfraud.ftc.gov. Your report helps federal investigators track and shut down scam operations.

Disclaimer: ScamVerify™ provides information to help you make decisions. It is not a substitute for your own judgment or professional advice.

Your privacy matters. We take privacy seriously. We hash IP addresses, never store raw IPs, and give you full control over your data. We never sell your information, share it with advertisers, or use it for anything other than protecting you. Read our full Privacy Policy.

Check any phone number, website, text, email, document, or QR code for free.

Instant AI analysis backed by millions of federal records and real-time threat data.

Check Now