Scam Message Checker
Got a suspicious text, email, or chat message? Paste it below. We will scan it for the red flags scammers use most often and give you a clear risk score — with the exact warning signs spelled out in plain English.
Your message never leaves this page. All analysis runs locally in your browser. We do not save, send, or store what you paste.
Paste at least a sentence or two so the checker has enough to analyse.
How the checker decides a message is suspicious
Scam messages are not random. Year after year, the FBI’s Internet Crime Complaint Center (IC3), the US Federal Trade Commission, UK’s Action Fraud, and Australia’s Scamwatch all report the same patterns. Scammers reuse them because they work. This tool looks for those patterns in the message you paste.
The biggest red flag is any request for a one-time code (OTP) or verification number. Real banks, tech companies, and government offices never ask you to read back a code from a text — if someone is asking, they are trying to break into your account. Close to that is a demand to pay with gift cards, wire transfer, or cryptocurrency. No legitimate debt collector, family emergency, or IRS agent will ever ask for Apple or Google Play cards. That one line alone is enough to confirm a scam.
The checker also watches for manufactured urgency(“act within 60 minutes”, “last chance”, “account will be suspended today”), threat language (“warrant for your arrest”, “deportation”, “legal action”), and any text claiming to be from the IRS, Medicare, HMRC, or the ATO. These agencies write letters — they do not send you links. Generic greetings like “Dear Customer” and URL shorteners (bit.ly, tinyurl, random .xyz or .click domains) are medium-severity flags: on their own they prove nothing, but combined with urgency or an OTP request they confirm the scam.
Finally, the tool looks at writing style— excessive ALL CAPS, strings of exclamation marks, and requests for personal details like your Social Security Number, bank account, or mother’s maiden name. A real company already knows who you are; they do not need to ask.
Each signal adds to a risk score out of 100. Anything above 30 deserves a pause; above 60 and you should delete the message. But remember — no automated tool catches everything. If a message feels wrong but the score is low, trust your gut and ask a family member, friend, or your bank before you click or reply.
Frequently asked questions
Is my message really private?
Yes. The checker runs entirely in your web browser using a local rule engine. Your message is never sent to us or to any server — we cannot see what you paste, and nothing is saved or logged.
What does the risk score mean?
The score is a simple total of warning signs found in the message, from 0 (no signals) to 100 (many strong signals). A score above 30 usually means you should not click anything; above 60 means treat it as almost certainly a scam.
Can the tool catch every scam?
No. Scammers change tactics constantly. The checker looks for the most common patterns — urgency, fake agency names, requests for OTPs or gift cards, shortener links. Always trust your instincts and ask someone you know if you are unsure.
What should I do if I already clicked a link or shared information?
Change the password on the affected account right away. If you shared card or bank details, call your bank using the number on the back of your card. In the US, place a free fraud alert with Equifax, Experian, or TransUnion and report the scam at reportfraud.ftc.gov. In the UK, contact Action Fraud. In Australia, contact Scamwatch.
Does the IRS, Medicare, HMRC, or ATO ever text people?
These agencies do not send text messages asking for money, passwords, or one-time codes. They contact you by postal mail. If you get a text claiming to be from them, it is a scam — do not click, do not call back.