ScamLight

Protecting older adults from AI-powered scams through real-time content detection.

Comment

Inspiration

The Trillion-Dollar Problem

Older adults in the United States lose over $3 billion to fraud every year, and the rise of AI voice cloning and generative content is making the threat even worse. Someone close to me was almost tricked by an “emergency” phone call that used an AI recreation of a loved one’s voice—and it exposed a critical gap in the tools we put in front of seniors. Traditional scam detectors fixate on malicious URLs, but today’s scammers operate on legitimate platforms (Gmail, Facebook, Amazon, etc) so the bad content sails right through.

The AI Arms Race

Generative AI has fundamentally tilted the playing field:

  • Attackers can spin up perfect phishing emails, fake reviews, synthetic voices, even deepfake videos in seconds.
  • Older adults, who grew up before AI was a factor, don’t have the pattern recognition to spot these fakes.
  • Existing defenses are not designed to inspect the actual content itself, so they miss the new wave entirely.

Chrome’s built-in Gemini Nano APIs offers a new angle: fight AI-powered scams with AI that lives inside the browser, completely on-device so privacy and accessibility are never compromised.

Mission

I’ve spent years working on gerontechnology. ScamLight had to:

  • Protect without patronizing: plain language, no scare tactics.
  • Honor privacy: every analysis stays on the device.
  • Meet seniors where they are: large fonts, color + shape indicators, and a literal “Read Aloud” button.
  • Build confidence: show exactly what was flagged and why, then suggest the next safest action.

ScamLight is that guardian: an AI safety net that sits quietly in Chrome and steps forward only when something feels off.

What It Does

  • Real-time page scanning: As soon as a page loads, ScamLight inspects visible text and quietly updates the toolbar badge - 🟢 SAFE, 🟡 CAUTION, 🔴 HIGH RISK.
  • Quick Safety Check: In the popup, seniors can paste suspicious text, drag in an image (e.g., a fake giveaway), or upload a voicemail, all analyzed instantly on-device.
  • Explain Like I’m 65: Chrome’s Summarizer API distills findings into a grade-6 “Key Takeaway,” while the Proofreader API keeps explanations simple and jargon-free.
  • Actionable next steps: We highlight urgency language, fake login prompts, or AI voice artifacts, then recommend what to do (“Call your bank directly,” “Don’t scan that QR code”).
  • Accessibility-first: One tap enables Large Text, Read Aloud (Web Speech API), or translations into Spanish, French, or German via the Chrome Translator API.
  • Education on demand: Every indicator includes a tooltip to help users learn to spot scams themselves over time.

How We Built It

Architecture (Manifest V3 Chrome Extension)

  • Content script gathers visible text, notable images, and audio sources.
  • Service worker coordinates detection, caches results per tab, and controls the badge.
  • React + TypeScript popup delivers the senior-friendly UI, including Quick Safety Check.
  • Detection modules:
    • Text: Unicode anomalies, linguistic heuristics, and scam-pattern analysis feed into the Prompt API for final judgment.
    • Images and audio: Heuristic detectors identify QR bait, urgency banners, fake UI, urgent tone, scripted cadence, or AI voice artifacts so its ready to be upgraded to full multimodal Prompt API the moment it lands in Chrome Stable.

Chrome Built-in AI APIs in Action

  1. Prompt API: interprets scam tactics and returns structured JSON with risk levels and indicators.
  2. Summarizer API: compresses findings into a one-sentence “Key Takeaway” shown at the top of the alert.
  3. Proofreader (Rewriter) API: rewrites explanations to a grade-7 reading level and flags suspiciously perfect grammar as an AI signal.
  4. Translator API: instantly renders all explanations in English, Spanish, French, or German.

Core Tooling

  • TypeScript for strict typing and safety.
  • Vite for fast builds and lightweight bundling.
  • React for declarative, accessible UI.
  • Web Speech API for read-aloud mode.
  • chrome.storage.session for per-tab result caching.

ScamLight gives the web’s most targeted users a fighting chance because when scammers weaponize AI, our browsers are their first line of defense, and now Chrome allows on-device AI that’s on the user’s side.

Share this project:

Updates