DEV Community: blaycoder The latest articles on DEV Community by blaycoder (@blaycoder). https://dev.to/blaycoder https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F813440%2F16e62132-62db-4161-b5df-c09cef0be2a2.png DEV Community: blaycoder https://dev.to/blaycoder en ScamDetect: Building a Multilingual AI-Powered Phishing Detection Platform blaycoder Mon, 16 Mar 2026 22:19:51 +0000 https://dev.to/blaycoder/scamdetect-building-a-multilingual-ai-powered-phishing-detection-platform-1d4n https://dev.to/blaycoder/scamdetect-building-a-multilingual-ai-powered-phishing-detection-platform-1d4n <p><strong>tags:</strong> <code>ai</code>, <code>security</code>, <code>phishing</code>, <code>next.js</code>, <code>node.js</code>, <code>cybersecurity</code></p> <h2> Introduction </h2> <p>Every day, millions of people fall victim to phishing scams and phishing messages. Scammers don't just target people in English-speaking countries; they attack globally, using local languages to make their deceptive messages seem more trustworthy.</p> <p>This is where <strong>ScamDetect</strong> comes in.</p> <p>I built ScamDetect to solve this problem - a <strong>free, multilingual AI-powered platform</strong> that can detect phishing attempts, scams, and malicious URLs <strong>in multiple languages</strong>. Whether you speak English, Spanish, French, Arabic, or Chinese, ScamDetect can help you identify and avoid online scams before they harm you.</p> <h2> Why I Built This Project </h2> <p>The motivation came from two key realizations:</p> <h3> 1. <strong>Phishing is a Global Problem</strong> </h3> <p>According to recent statistics, over <strong>3.4 billion phishing emails are sent every day</strong> -&gt; <a href="https://aag-it.com/the-latest-phishing-statistics/#:~:text=Is%20phishing%20the%20most%20common,emails%20are%20sent%20every%20day" rel="noopener noreferrer">View</a>. But what's worse is that non-English speakers are often <strong>underserved</strong> by existing security tools. A scammer might convince someone in Indonesia by sending a message in Indonesian, but government and commercial security tools often focus on English-language threats.</p> <h3> 2. <strong>A friend of mine was scammed</strong> πŸ˜ͺπŸ˜₯ </h3> <p>A friend of mine was duped through a phishing attack, and it really made me think about how easily these things can happen. Many times people don’t recognize phishing messages until it’s already too late.</p> <p>I’ve always had a strong interest in cybersecurity and phishing awareness, and whenever I get the opportunity, I try to educate people about how these scams work.</p> <p>When the <a href="https://lingo.dev" rel="noopener noreferrer">lingo.dev</a> hackathon came up, I saw it as an opportunity to build something that could actually help people beyond just awareness.</p> <h2> Key Features of ScamDetect </h2> <h3> 1. <strong>Multilingual Text Message Analysis</strong> </h3> <p>Users can paste a suspicious text message (SMS, WhatsApp, Telegram, etc.) and ScamDetect analyzes it for phishing indicators. The detection is <strong>language-independent</strong>, so a message in Spanish, Arabic, or Portuguese can be analyzed with the same accuracy.</p> <h3> 2. <strong>URL Phishing Scanning</strong> </h3> <p>ScamDetect checks suspicious URLs against two powerful threat intelligence databases:</p> <ul> <li> <strong>VirusTotal API</strong> β€” checks against 80+ antivirus engines</li> <li> <strong>PhishTank</strong> β€” checks against known phishing databases</li> </ul> <p>This multi-source approach ensures fewer false positives while catching more real threats.</p> <h3> 3. <strong>Screenshot OCR Detection</strong> </h3> <p>Many scams come from screenshots of fake banking apps, fake payment screens, or fabricated messages. ScamDetect can:</p> <ul> <li>Extract text from screenshots using <strong>Google Vision OCR (even though I have challenges enabling the billing after trying several attempt. I could not log into Microsoft Azure to use the OCR tool hence why I reverted back to Google Vision OCR since that is just only a billing issue.)</strong> </li> <li>Analyze the extracted text for phishing indicators</li> <li>All without needing the user to manually type anything</li> </ul> <h3> 4. <strong>AI-Powered Scam Classification</strong> </h3> <p>Using <strong>Ollama with the gpt-oss:120b-cloud model</strong>, ScamDetect runs an advanced AI classifier to determine if a message is genuinely a phishing attempt or a legitimate message. This goes beyond simple keyword matchingβ€”the AI understands context and language patterns.</p> <h3> 5. <strong>Results Translated into Your Language</strong> </h3> <p>All analysis results are automatically <strong>translated into the user's preferred language</strong> using the Lingo.dev translation API. </p> <h3> 6. <strong>User Dashboard</strong> </h3> <p>Users can:</p> <ul> <li>View their scan history</li> <li>Track patterns in scams they've encountered</li> </ul> <h2> Architecture Overview </h2> <p>ScamDetect follows a <strong>modern full-stack architecture</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ Frontend (Next.js + React) β”‚ β”‚ β€’ User Interface β”‚ β”‚ β€’ Language Selection β”‚ β”‚ β€’ Input Handling β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”‚ HTTP/HTTPS β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ Backend (Node.js + Express) β”‚ β”‚ β€’ API Endpoints β”‚ β”‚ β€’ Detection Pipeline β”‚ β”‚ β€’ Service Orchestration β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚ β”‚ β”‚ β–Ό β–Ό β–Ό β–Ό β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”β”Œβ”€β”€β”€β”€β”€β”€β”β”Œβ”€β”€β”€β”€β”€β”€β”β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚Databaseβ”‚β”‚ OCR β”‚β”‚AI β”‚β”‚APIs (VT, β”‚ β”‚ β”‚β”‚ β”‚β”‚Model β”‚β”‚PhishTank) β”‚ β”‚Supabaseβ”‚β”‚Googleβ”‚β”‚Ollamaβ”‚β”‚Translation β”‚ β”‚ β”‚β”‚ Visionβ”‚β”‚gpt-oss:120b-cloudβ”‚β”‚Lingo.dev β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”˜β””β”€β”€β”€β”€β”€β”€β”˜β””β”€β”€β”€β”€β”€β”€β”˜β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ </code></pre> </div> <h3> Data Flow: </h3> <ol> <li> <strong>User Input</strong> β†’ Frontend captures text, URL, or screenshot image</li> <li> <strong>Frontend sends request</strong> β†’ Backend API with language preference</li> <li> <strong>Backend processes</strong>: <ul> <li>Extracts keywords and URLs</li> <li>Checks domain similarity using the Levenshtein distance method</li> <li>Submits URLs to VirusTotal/PhishTank</li> <li>Runs AI classification if text is detected</li> </ul> </li> <li> <strong>Results are compiled</strong> β†’ Risk score calculated</li> <li> <strong>Translation layer</strong> β†’ Results translated to user's language</li> <li> <strong>Response sent back</strong> β†’ Frontend displays rich visualization</li> <li> <strong>Data persisted</strong> β†’ Results stored in Supabase for user's dashboard</li> </ol> <h3> Flow Chart: </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8iox4n7m9wl3jdno3nkd.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8iox4n7m9wl3jdno3nkd.png" alt="ScamDetect Flowchart" width="800" height="1740"></a></p> <h2> Important Code Examples </h2> <p>Let's look at real code from ScamDetect and understand how it works.</p> <h3> 1. Sending Text to Backend for Analysis </h3> <p><strong>Frontend Code</strong> - how users send text messages for analysis:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// frontend/src/lib/api.ts</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">api</span> <span class="o">=</span> <span class="p">{</span> <span class="cm">/** POST /api/analyze-message */</span> <span class="na">analyzeMessage</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span> <span class="na">message</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">language</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">en</span><span class="dl">"</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">DetectionResult</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">API_URL</span><span class="p">}</span><span class="s2">/api/analyze-message`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="p">...(</span><span class="k">await</span> <span class="nf">authHeaders</span><span class="p">()),</span> <span class="c1">// Include user auth token</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="nx">message</span><span class="p">,</span> <span class="nx">language</span> <span class="p">}),</span> <span class="p">}).</span><span class="nf">then</span><span class="p">(</span><span class="nx">handleResponse</span><span class="o">&lt;</span><span class="nx">DetectionResult</span><span class="o">&gt;</span><span class="p">),</span> <span class="p">};</span> </code></pre> </div> <p><strong>What this does:</strong></p> <ul> <li>Takes a suspicious message and target language</li> <li>Sends it to the backend <code>/api/analyze-message</code> endpoint</li> <li>Includes authentication headers (if user is logged in)</li> <li>Returns structured analysis results</li> </ul> <p><strong>Why it's important:</strong></p> <ul> <li>Simple, type-safe API using TypeScript</li> <li>Supports authentication without exposing tokens</li> <li>Error handling built-in via <code>handleResponse</code> </li> </ul> <p><strong>Backend Code</strong> - how the backend processes the message:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// backend/src/controllers/analyze.controller.ts</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">analyzeMessage</span><span class="p">(</span> <span class="nx">req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">,</span> <span class="nx">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">message</span><span class="p">,</span> <span class="nx">language</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// Run the full detection pipeline</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">runDetectionPipeline</span><span class="p">(</span><span class="nx">message</span><span class="p">,</span> <span class="nx">language</span> <span class="o">??</span> <span class="dl">"</span><span class="s2">en</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// Save result to database asynchronously</span> <span class="nf">saveDetectionResult</span><span class="p">(</span><span class="nx">message</span><span class="p">,</span> <span class="nx">result</span><span class="p">,</span> <span class="nx">req</span><span class="p">.</span><span class="nx">userId</span><span class="p">).</span><span class="k">catch</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{});</span> <span class="c1">// Return results immediately</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">result</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Detection pipeline failed</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>What this does:</strong></p> <ul> <li>Validates and extracts message and language from request</li> <li>Runs the detection pipeline (keyword matching, URL extraction, AI classification)</li> <li>Saves results to database for user history</li> <li>Returns response immediately (doesn't wait for database save)</li> </ul> <p><strong>Why it's important:</strong></p> <ul> <li>Fast response timeβ€”doesn't block on database operations</li> <li>Persistent history for user analysis</li> <li>Graceful error handling</li> </ul> <h3> 2. Running VirusTotal API for URL Scanning </h3> <p><strong>Backend Service</strong> β€” how we check URLs against VirusTotal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// backend/src/services/virustotalService.ts</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">submitUrl</span><span class="p">(</span><span class="nx">url</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="nf">apiKey</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">key</span><span class="p">)</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">();</span> <span class="nx">body</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">"</span><span class="s2">url</span><span class="dl">"</span><span class="p">,</span> <span class="nx">url</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nx">post</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span> <span class="p">}</span><span class="o">&gt;</span><span class="p">(</span> <span class="s2">`</span><span class="p">${</span><span class="nx">VT_API_URL</span><span class="p">}</span><span class="s2">/urls`</span><span class="p">,</span> <span class="nx">body</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">x-apikey</span><span class="dl">"</span><span class="p">:</span> <span class="nx">key</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/x-www-form-urlencoded</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">);</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="cm">/** * Get detailed analysis of a VirusTotal scan */</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getAnalysis</span><span class="p">(</span> <span class="nx">analysisId</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">VTDetailedResult</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="nf">apiKey</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">key</span><span class="p">)</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="kd">get</span><span class="o">&lt;</span><span class="nx">VTAnalysisResponse</span><span class="o">&gt;</span><span class="p">(</span> <span class="s2">`</span><span class="p">${</span><span class="nx">VT_API_URL</span><span class="p">}</span><span class="s2">/analyses/</span><span class="p">${</span><span class="nx">analysisId</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">x-apikey</span><span class="dl">"</span><span class="p">:</span> <span class="nx">key</span> <span class="p">},</span> <span class="p">},</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">attrs</span> <span class="o">=</span> <span class="nx">res</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">attributes</span><span class="p">;</span> <span class="k">return</span> <span class="p">{</span> <span class="na">vtAnalysisId</span><span class="p">:</span> <span class="nx">analysisId</span><span class="p">,</span> <span class="na">status</span><span class="p">:</span> <span class="nx">attrs</span><span class="p">.</span><span class="nx">status</span><span class="p">,</span> <span class="na">maliciousCount</span><span class="p">:</span> <span class="nx">attrs</span><span class="p">.</span><span class="nx">stats</span><span class="p">.</span><span class="nx">malicious</span> <span class="o">||</span> <span class="mi">0</span><span class="p">,</span> <span class="na">phishingCount</span><span class="p">:</span> <span class="p">(</span><span class="nx">attrs</span><span class="p">.</span><span class="nx">results</span> <span class="o">||</span> <span class="p">{})[</span><span class="dl">"</span><span class="s2">Phish Threat</span><span class="dl">"</span><span class="p">]</span> <span class="p">?</span> <span class="mi">1</span> <span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="na">harmlessCount</span><span class="p">:</span> <span class="nx">attrs</span><span class="p">.</span><span class="nx">stats</span><span class="p">.</span><span class="nx">harmless</span> <span class="o">||</span> <span class="mi">0</span><span class="p">,</span> <span class="na">suspiciousCount</span><span class="p">:</span> <span class="nx">attrs</span><span class="p">.</span><span class="nx">stats</span><span class="p">.</span><span class="nx">suspicious</span> <span class="o">||</span> <span class="mi">0</span><span class="p">,</span> <span class="na">undetectedCount</span><span class="p">:</span> <span class="nx">attrs</span><span class="p">.</span><span class="nx">stats</span><span class="p">.</span><span class="nx">undetected</span> <span class="o">||</span> <span class="mi">0</span><span class="p">,</span> <span class="na">engines</span><span class="p">:</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">entries</span><span class="p">(</span><span class="nx">attrs</span><span class="p">.</span><span class="nx">results</span> <span class="o">||</span> <span class="p">{}).</span><span class="nf">map</span><span class="p">(</span> <span class="p">([</span><span class="nx">name</span><span class="p">,</span> <span class="nx">result</span><span class="p">])</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="nx">name</span><span class="p">,</span> <span class="na">category</span><span class="p">:</span> <span class="nx">result</span><span class="p">.</span><span class="nx">category</span><span class="p">,</span> <span class="na">result</span><span class="p">:</span> <span class="nx">result</span><span class="p">.</span><span class="nx">result</span><span class="p">,</span> <span class="p">}),</span> <span class="p">),</span> <span class="p">};</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>What this does:</strong></p> <ul> <li>Submits a URL to VirusTotal's API for scanning</li> <li>Polls the analysis endpoint to get the results</li> <li>Returns detailed information including malicious engines and detection counts</li> <li>Gracefully handles API key missing or API failures</li> </ul> <p><strong>Why it's important:</strong></p> <ul> <li>VirusTotal provides crowd-sourced threat intelligence from 80+ antivirus engines</li> <li>One malicious URL detection might be a false positive, but multiple engines agreeing is strong signal</li> <li>Decoupling URL checking from our own detection logic keeps our system modular</li> </ul> <h3> 3. Extracting Text from Screenshots Using OCR </h3> <p><strong>Backend Service</strong> β€” how we extract text from screenshot images:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// backend/src/services/ocrService.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ImageAnnotatorClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@google-cloud/vision</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">OCRResult</span> <span class="p">{</span> <span class="nl">extractedText</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">confidence</span><span class="p">?:</span> <span class="kr">number</span><span class="p">;</span> <span class="p">}</span> <span class="cm">/** Extract text from an image using Google Cloud Vision API */</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">extractTextFromImage</span><span class="p">(</span> <span class="nx">imageBase64</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">OCRResult</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="nf">createClient</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">request</span> <span class="o">=</span> <span class="p">{</span> <span class="na">image</span><span class="p">:</span> <span class="p">{</span> <span class="na">content</span><span class="p">:</span> <span class="nx">imageBase64</span> <span class="p">},</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nf">documentTextDetection</span><span class="p">(</span><span class="nx">request</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">fullTextAnnotation</span> <span class="o">=</span> <span class="nx">response</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">fullTextAnnotation</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">fullTextAnnotation</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">extractedText</span><span class="p">:</span> <span class="dl">""</span><span class="p">,</span> <span class="na">confidence</span><span class="p">:</span> <span class="mi">0</span> <span class="p">};</span> <span class="p">}</span> <span class="c1">// Calculate average confidence from all blocks</span> <span class="kd">const</span> <span class="nx">annotations</span> <span class="o">=</span> <span class="nx">response</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">fullTextAnnotation</span><span class="p">.</span><span class="nx">pages</span><span class="p">?.[</span><span class="mi">0</span><span class="p">].</span><span class="nx">blocks</span> <span class="o">||</span> <span class="p">[];</span> <span class="kd">const</span> <span class="nx">confidences</span> <span class="o">=</span> <span class="nx">annotations</span> <span class="p">.</span><span class="nf">flatMap</span><span class="p">((</span><span class="nx">b</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">b</span><span class="p">.</span><span class="nx">paragraphs</span> <span class="o">||</span> <span class="p">[])</span> <span class="p">.</span><span class="nf">flatMap</span><span class="p">((</span><span class="nx">p</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">p</span><span class="p">.</span><span class="nx">words</span> <span class="o">||</span> <span class="p">[])</span> <span class="p">.</span><span class="nf">flatMap</span><span class="p">((</span><span class="nx">w</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">w</span><span class="p">.</span><span class="nx">symbols</span> <span class="o">||</span> <span class="p">[])</span> <span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">s</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">s</span><span class="p">.</span><span class="nx">confidence</span> <span class="o">||</span> <span class="mi">0</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">avgConfidence</span> <span class="o">=</span> <span class="nx">confidences</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;</span> <span class="mi">0</span> <span class="p">?</span> <span class="nx">confidences</span><span class="p">.</span><span class="nf">reduce</span><span class="p">((</span><span class="nx">a</span><span class="p">,</span> <span class="nx">b</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">a</span> <span class="o">+</span> <span class="nx">b</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="o">/</span> <span class="nx">confidences</span><span class="p">.</span><span class="nx">length</span> <span class="p">:</span> <span class="mi">0</span><span class="p">;</span> <span class="k">return</span> <span class="p">{</span> <span class="na">extractedText</span><span class="p">:</span> <span class="nx">fullTextAnnotation</span><span class="p">.</span><span class="nx">text</span> <span class="o">||</span> <span class="dl">""</span><span class="p">,</span> <span class="na">confidence</span><span class="p">:</span> <span class="nx">avgConfidence</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <p><strong>Backend Controller</strong> β€” how the OCR endpoint works:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// backend/src/controllers/screenshot.controller.ts</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">scanScreenshot</span><span class="p">(</span> <span class="nx">req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">,</span> <span class="nx">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">imageBase64</span><span class="p">,</span> <span class="nx">language</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// Extract text from image</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">extractedText</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">extractTextFromImage</span><span class="p">(</span><span class="nx">imageBase64</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">extractedText</span><span class="p">.</span><span class="nf">trim</span><span class="p">())</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">riskLevel</span><span class="p">:</span> <span class="dl">"</span><span class="s2">SAFE</span><span class="dl">"</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">No text found in image</span><span class="dl">"</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// Analyze the extracted text</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">runDetectionPipeline</span><span class="p">(</span><span class="nx">extractedText</span><span class="p">,</span> <span class="nx">language</span> <span class="o">??</span> <span class="dl">"</span><span class="s2">en</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// Save for history</span> <span class="nf">saveDetectionResult</span><span class="p">(</span><span class="nx">imageBase64</span><span class="p">,</span> <span class="nx">result</span><span class="p">,</span> <span class="nx">req</span><span class="p">.</span><span class="nx">userId</span><span class="p">).</span><span class="k">catch</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">result</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Screenshot scanning failed</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>What this does:</strong></p> <ul> <li>Takes a base64-encoded image from the frontend</li> <li>Uses Google Cloud Vision to extract text</li> <li>Calculates confidence score based on per-character confidence values</li> <li>Runs the normal detection pipeline on extracted text</li> <li>Returns phishing analysis results</li> </ul> <p><strong>Why it's important:</strong></p> <ul> <li>OCR allows users to share screenshots instead of typing (better UX)</li> <li>Confidence score helps users understand if text extraction was reliable</li> <li>Image-based scams (fake banking screens, fake payment apps) are very commonβ€”this feature is critical</li> </ul> <h3> 4. Translating Results with Lingo.dev </h3> <p><strong>Backend Service</strong> β€” translating analysis results:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// backend/src/services/translationService.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">LingoDotDevEngine</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">lingo.dev/sdk</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">engine</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">LingoDotDevEngine</span><span class="p">({</span> <span class="na">apiKey</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">LINGODOTDEV_API_KEY</span><span class="p">,</span> <span class="p">});</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">translateText</span><span class="p">(</span> <span class="nx">text</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">targetLanguage</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// Skip translation if no API key or target is English</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">LINGODOTDEV_API_KEY</span> <span class="o">||</span> <span class="nx">targetLanguage</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">en</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">text</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">engine</span><span class="p">.</span><span class="nf">localizeText</span><span class="p">(</span><span class="nx">text</span><span class="p">,</span> <span class="p">{</span> <span class="na">sourceLocale</span><span class="p">:</span> <span class="dl">"</span><span class="s2">en</span><span class="dl">"</span><span class="p">,</span> <span class="na">targetLocale</span><span class="p">:</span> <span class="nx">targetLanguage</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">result</span> <span class="o">??</span> <span class="nx">text</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><strong>Detection Pipeline</strong> β€” integrating translation into results:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">runDetectionPipeline</span><span class="p">(</span> <span class="nx">text</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">language</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">en</span><span class="dl">"</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">DetectionResult</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// ... analysis code ...</span> <span class="kd">const</span> <span class="nx">riskLevel</span> <span class="o">=</span> <span class="nf">calculateRiskLevel</span><span class="p">(</span><span class="nx">totalScore</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">recommendation</span> <span class="o">=</span> <span class="nf">generateRecommendation</span><span class="p">(</span><span class="nx">riskLevel</span><span class="p">);</span> <span class="c1">// Translate recommendation to user's language</span> <span class="k">if </span><span class="p">(</span><span class="nx">language</span> <span class="o">!==</span> <span class="dl">"</span><span class="s2">en</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="nx">translatedRecommendation</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">translateText</span><span class="p">(</span><span class="nx">recommendation</span><span class="p">,</span> <span class="nx">language</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">riskLevel</span><span class="p">,</span> <span class="na">score</span><span class="p">:</span> <span class="nx">totalScore</span><span class="p">,</span> <span class="nx">flags</span><span class="p">,</span> <span class="na">recommendation</span><span class="p">:</span> <span class="nx">translatedRecommendation</span><span class="p">,</span> <span class="nx">extractedUrls</span><span class="p">,</span> <span class="nx">language</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <p><strong>What this does:</strong></p> <ul> <li>Uses Lingo.dev SDK to translate text between languages</li> <li>Skips translation if no API key (graceful degradation)</li> <li>Integrates into the detection pipeline to translate analysis recommendations</li> </ul> <p><strong>Why it's important:</strong></p> <ul> <li>Makes the tool accessible globally</li> <li>Users aren't forced to read English analysis results</li> <li>Lingo.dev handles nuanced localization (not just word translation)</li> </ul> <h3> 5. Frontend Component for User Interaction </h3> <p><strong>Frontend Page</strong> β€” scanning URLs with real-time feedback:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// frontend/src/app/scan-url/page.tsx</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">ScanUrlPage</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">url</span><span class="p">,</span> <span class="nx">setUrl</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="dl">""</span><span class="p">);</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">result</span><span class="p">,</span> <span class="nx">setResult</span><span class="p">]</span> <span class="o">=</span> <span class="nx">useState</span><span class="o">&lt;</span><span class="nx">DetectionResult</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">loading</span><span class="p">,</span> <span class="nx">setLoading</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">error</span><span class="p">,</span> <span class="nx">setError</span><span class="p">]</span> <span class="o">=</span> <span class="nx">useState</span><span class="o">&lt;</span><span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">language</span><span class="p">,</span> <span class="nx">setLanguage</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useLanguage</span><span class="p">();</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">handleScan</span><span class="p">()</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">url</span><span class="p">.</span><span class="nf">trim</span><span class="p">())</span> <span class="k">return</span><span class="p">;</span> <span class="nf">setLoading</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="nf">setError</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="nf">setResult</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// Call backend API</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">api</span><span class="p">.</span><span class="nf">checkUrl</span><span class="p">(</span><span class="nx">url</span><span class="p">,</span> <span class="nx">language</span><span class="p">);</span> <span class="nf">setResult</span><span class="p">(</span><span class="nx">data</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setError</span><span class="p">(</span><span class="nx">err</span> <span class="k">instanceof</span> <span class="nb">Error</span> <span class="p">?</span> <span class="nx">err</span><span class="p">.</span><span class="nx">message</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">Scan failed</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="nf">setLoading</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">min-h-screen px-4 py-16</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">mx-auto max-w-2xl</span><span class="dl">"</span><span class="o">&gt;</span> <span class="p">{</span><span class="cm">/* Header */</span><span class="p">}</span> <span class="o">&lt;</span><span class="nx">h1</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">font-mono text-3xl font-bold text-[#e2e8ff]</span><span class="dl">"</span><span class="o">&gt;</span> <span class="nx">Scan</span> <span class="o">&lt;</span><span class="nx">span</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-[#ff00ff]</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">URL</span><span class="o">&lt;</span><span class="sr">/span</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/h1</span><span class="err">&gt; </span> <span class="p">{</span><span class="cm">/* Input Panel */</span><span class="p">}</span> <span class="o">&lt;</span><span class="nx">input</span> <span class="kd">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">url</span><span class="dl">"</span> <span class="nx">value</span><span class="o">=</span><span class="p">{</span><span class="nx">url</span><span class="p">}</span> <span class="nx">onChange</span><span class="o">=</span><span class="p">{(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">setUrl</span><span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">target</span><span class="p">.</span><span class="nx">value</span><span class="p">)}</span> <span class="nx">onKeyDown</span><span class="o">=</span><span class="p">{(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">e</span><span class="p">.</span><span class="nx">key</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">Enter</span><span class="dl">"</span> <span class="o">&amp;&amp;</span> <span class="nf">handleScan</span><span class="p">()}</span> <span class="nx">placeholder</span><span class="o">=</span><span class="dl">"</span><span class="s2">https://suspicious-site.com</span><span class="dl">"</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">w-full rounded border bg-[rgba(255,0,255,0.03)] py-3 px-4 text-[#e2e8ff]</span><span class="dl">"</span> <span class="o">/&gt;</span> <span class="p">{</span><span class="cm">/* Scan Button */</span><span class="p">}</span> <span class="o">&lt;</span><span class="nx">button</span> <span class="nx">onClick</span><span class="o">=</span><span class="p">{</span><span class="nx">handleScan</span><span class="p">}</span> <span class="nx">disabled</span><span class="o">=</span><span class="p">{</span><span class="nx">loading</span><span class="p">}</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">mt-4 px-6 py-2 bg-[#ff00ff] rounded text-white font-bold disabled:opacity-50</span><span class="dl">"</span> <span class="o">&gt;</span> <span class="p">{</span><span class="nx">loading</span> <span class="p">?</span> <span class="dl">"</span><span class="s2">Scanning...</span><span class="dl">"</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">Scan URL</span><span class="dl">"</span><span class="p">}</span> <span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="p">{</span><span class="cm">/* Results */</span><span class="p">}</span> <span class="p">{</span><span class="nx">result</span> <span class="o">&amp;&amp;</span> <span class="o">&lt;</span><span class="nx">ResultPanel</span> <span class="nx">result</span><span class="o">=</span><span class="p">{</span><span class="nx">result</span><span class="p">}</span> <span class="sr">/&gt;</span><span class="err">} </span> <span class="p">{</span><span class="nx">error</span> <span class="o">&amp;&amp;</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-red-500</span><span class="dl">"</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">error</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/div&gt;</span><span class="err">} </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>What this does:</strong></p> <ul> <li>Provides user interface for URL scanning</li> <li>Handles loading states and error display</li> <li>Calls the backend API with user's language preference</li> <li>Uses React hooks to manage state</li> <li>Keyboard support (Enter to scan)</li> </ul> <h2> Challenges I Faced </h2> <p>Building ScamDetect involved solving several complex problems:</p> <h3> 1. <strong>OCR Accuracy &amp; Confidence Level</strong> </h3> <p><strong>The Challenge:</strong><br> Different images have different quality levels. At first I tried a common OCR library (Tesseract) but noticed it was missing characters or skipping parts of the text. That forced me to experiment with other OCR options until I found something that worked better for extracting text from screenshots such as Google Vision OCR or Microsoft Azure OCR tool. I decided to go for the Google Vision OCR since I have worked with different Google Cloud services. </p> <p>After setting up the Google Vision OCR, I had an error to enable billing because the service required enabling billing but Google could not verify every card details I tried. I decided to make use of Microsoft Azure, I signed up and fill every detailed bearing in mind that I am close but unfortunately, I could not login after signup, I kept receiving this error message :<code>"interaction_required: AADSTS5000225: This tenant has been blocked due to inactivity. To learn more about tenant lifecycle policies, see https://aka.ms/TenantLifecycle"</code>. I had to maintain the Google Vision OCR setup since it was only billing issue.</p> <p><strong>The Solution:</strong><br> No solution yet because I am yet to figure out how to solve the billing issue. I have done everything asked of me by Google but I still have same issue. </p> <p>What I intend to do is to make a subscription on hugging face and use one of the models such as Zai for the OCR extraction. I could have used the Deepseek OCR model in Ollama but the model is large and I might not be able to use it in production, it is best used locally.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Only flag as high-risk if confidence is good</span> <span class="k">if </span><span class="p">(</span><span class="nx">confidence</span> <span class="o">&lt;</span> <span class="mf">0.7</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span><span class="dl">"</span><span class="s2">Low OCR confidenceβ€”reducing detection sensitivity</span><span class="dl">"</span><span class="p">);</span> <span class="nx">flags</span> <span class="o">=</span> <span class="nx">flags</span><span class="p">.</span><span class="nf">filter</span><span class="p">((</span><span class="nx">f</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">f</span><span class="p">.</span><span class="nx">score</span> <span class="o">&gt;</span> <span class="mi">30</span><span class="p">);</span> <span class="c1">// Only high-confidence flags</span> <span class="p">}</span> </code></pre> </div> <h3> 2. <strong>Integrating AI Models Reliably</strong> </h3> <p><strong>The Challenge:</strong><br> Ollama (local AI) and VirusTotal API both can fail intermittently. We can't let one failing service break the entire detection pipeline.</p> <p><strong>The Solution:</strong></p> <ul> <li>Made all external service calls <strong>optional</strong> </li> <li>If VirusTotal fails, we still return keyword-based detection</li> <li>If Ollama doesn't respond, we skip AI classification but complete the analysis</li> <li>Return partial results instead of errors</li> <li>This is called "graceful degradation" </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Ollama AI classification is optional</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">classifyWithOllama</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="k">import</span><span class="p">(</span><span class="dl">"</span><span class="s2">./ollamaService</span><span class="dl">"</span><span class="p">);</span> <span class="nx">aiClassification</span> <span class="o">=</span> <span class="p">(</span><span class="k">await</span> <span class="nf">classifyWithOllama</span><span class="p">(</span><span class="nx">text</span><span class="p">))</span> <span class="o">??</span> <span class="kc">undefined</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">[AI] Error:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">err</span><span class="p">);</span> <span class="c1">// Continue without AI classification</span> <span class="p">}</span> <span class="c1">// Return results even if external services failed</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">riskLevel</span><span class="p">,</span> <span class="na">score</span><span class="p">:</span> <span class="nf">calculateRiskScore</span><span class="p">(</span><span class="nx">flags</span><span class="p">),</span> <span class="c1">// Built from flags we do have</span> <span class="nx">flags</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Detection completed with available services</span><span class="dl">"</span><span class="p">,</span> <span class="p">};</span> </code></pre> </div> <h3> 3. <strong>Managing API Call Costs and Rate Limits</strong> </h3> <p><strong>The Challenge:</strong></p> <ul> <li>VirusTotal has rate limits (free tier: 4 requests/min)</li> <li>Translation API has per-character costs</li> <li>Scanning screenshots with Google Cloud Vision costs money</li> <li>We needed to avoid wasting money on repeated scans of the same URLs</li> </ul> <p><strong>The Solution:</strong></p> <ul> <li>Implemented result caching in Supabase</li> <li>If a URL was scanned recently, return cached result instead of making new API call</li> <li>Batch translation requests when possible</li> <li>Use express-rate-limit middleware to protect our backend</li> <li>Rate limit by user and IP address </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Rate limiting in express</span> <span class="kd">const</span> <span class="nx">limiter</span> <span class="o">=</span> <span class="nf">rateLimit</span><span class="p">({</span> <span class="na">windowMs</span><span class="p">:</span> <span class="mi">15</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">,</span> <span class="c1">// 15 minutes</span> <span class="na">max</span><span class="p">:</span> <span class="mi">100</span><span class="p">,</span> <span class="c1">// Max 100 requests per IP per 15 min</span> <span class="na">message</span><span class="p">:</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Too many requests, please try again later.</span><span class="dl">"</span> <span class="p">},</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">limiter</span><span class="p">);</span> </code></pre> </div> <h2> Setup Guide for Developers </h2> <p>Want to run ScamDetect yourself? Here's how to get started.</p> <h3> Prerequisites </h3> <p>Before you begin, make sure you have:</p> <ul> <li> <strong>Node.js 20+</strong> β€” <a href="https://nodejs.org" rel="noopener noreferrer">Download here</a> </li> <li> <strong>Ollama installed</strong> β€” <a href="https://ollama.ai" rel="noopener noreferrer">Download here</a> </li> <li> <strong>Git</strong> β€” <a href="https://git-scm.com" rel="noopener noreferrer">Download here</a> </li> </ul> <p>You'll also need API keys from:</p> <ul> <li> <strong>Supabase</strong> (free) β€” <a href="https://supabase.com" rel="noopener noreferrer">supabase.com</a> </li> <li> <strong>VirusTotal</strong> (free) β€” <a href="https://www.virustotal.com" rel="noopener noreferrer">virustotal.com</a> </li> <li> <strong>Google Cloud Vision</strong> (free tier) β€” <a href="https://cloud.google.com/vision" rel="noopener noreferrer">cloud.google.com</a> </li> <li> <strong>Lingo.dev</strong> (for translation) β€” <a href="https://lingo.dev" rel="noopener noreferrer">lingo.dev</a> </li> </ul> <h3> Step 1: Clone the Repository </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/blaycoder/ScamDetect-Multilingual <span class="nb">cd </span>ScamDetect </code></pre> </div> <h3> Step 2: Setup Backend </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Navigate to backend directory</span> <span class="nb">cd </span>backend <span class="c"># Install dependencies</span> npm <span class="nb">install</span> <span class="c"># Copy environment file</span> <span class="nb">cp</span> .env.example .env <span class="c"># Edit .env with your API keys</span> nano .env <span class="c"># Fill in:</span> <span class="c"># SUPABASE_URL=your-supabase-url</span> <span class="c"># SUPABASE_KEY=your-supabase-key</span> <span class="c"># VIRUSTOTAL_API_KEY=your-virustotal-key</span> <span class="c"># GOOGLE_CLOUD_CREDENTIALS=your-google-vision-json</span> <span class="c"># LINGODOTDEV_API_KEY=your-lingo-key</span> </code></pre> </div> <p><strong>Start Ollama first</strong> (in a separate terminal):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ollama serve </code></pre> </div> <p><strong>Run the backend server:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm run dev </code></pre> </div> <p>You should see:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">[Express] Server running on port 4000 [Ollama] Connected to local model </span></code></pre> </div> <h3> Step 3: Setup Frontend </h3> <p>In a new terminal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Navigate to frontend directory</span> <span class="nb">cd </span>frontend <span class="c"># Install dependencies</span> npm <span class="nb">install</span> <span class="c"># Create environment file</span> <span class="nb">cp</span> .env.example .env.local <span class="c"># Edit .env.local</span> nano .env.local <span class="c"># Fill in:</span> <span class="c"># NEXT_PUBLIC_API_URL=http://localhost:4000</span> <span class="c"># NEXT_PUBLIC_SUPABASE_URL=your-supabase-url</span> <span class="c"># NEXT_PUBLIC_SUPABASE_KEY=your-supabase-key</span> </code></pre> </div> <p><strong>Run the frontend:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm run dev </code></pre> </div> <p>Open your browser to <a href="http://localhost:3000" rel="noopener noreferrer">http://localhost:3000</a></p> <h3> Step 4: Test the Application </h3> <ol> <li> <strong>Test text scanning:</strong> Go to "Analyze Message" and paste a phishing message</li> <li> <strong>Test URL scanning:</strong> Go to "Scan URL" and paste a suspicious URL</li> <li> <strong>Test screenshot:</strong> Go to "Upload Screenshot" and upload a screenshot</li> </ol> <p>If everything works, you should see detection results with risk scores!</p> <h3> Troubleshooting </h3> <p><strong>Backend won't start:</strong></p> <ul> <li>Make sure Ollama is running (<code>ollama serve</code>)</li> <li>Check that port 4000 isn't in use: <code>lsof -i :4000</code> </li> </ul> <p><strong>Frontend can't reach backend:</strong></p> <ul> <li>Make sure <code>NEXT_PUBLIC_API_URL</code> points to your backend</li> <li>Check CORS settings in <code>backend/src/app.ts</code> </li> </ul> <p><strong>OCR not working:</strong></p> <ul> <li>Verify Google Cloud Vision credentials are correct</li> <li>Check that you have the right JSON file format</li> <li>Check that billing is enabled on Google Cloud</li> <li>Confirm that Google Vision OCR is enabled in APIs &amp; Services</li> </ul> <p><strong>Ollama responses are slow:</strong></p> <ul> <li>First response can take 10-30 seconds</li> <li>Subsequent responses should be faster (model is cached in memory)</li> </ul> <h2> Real World Applications </h2> <p>ScamDetect isn't just a technical projectβ€”it has real impact on people's lives.</p> <h3> Use Case 1: <strong>Protecting Vulnerable Communities</strong> </h3> <p>A grandmother in rural India receives a WhatsApp message claiming to be from her bank. The message asks her to "verify her account" by clicking a link. She's not tech-savvy and the message looks official.</p> <p>Instead of losing β‚Ή50,000 to the scammer, she pastes the message into ScamDetect. The system detects phishing keywords and suspicious domain patterns. The result appears in Hindi, her native language. She learns not to click the link.</p> <p><strong>Impact:</strong> One person saved from financial loss.</p> <h3> Use Case 2: <strong>Supporting Small Business Owners</strong> </h3> <p>A small business owner in Mexico receives an email claiming to be from "PayPal Support" asking him to verify his account. He doesn't speak English well, but he can use ScamDetect to analyze the email in Spanish.</p> <p>ScamDetect detects:</p> <ul> <li>Phishing keywords</li> <li>Domain impersonation (fake PayPal domain)</li> <li>VirusTotal flags from multiple antivirus engines</li> </ul> <p><strong>Impact:</strong> Business owner avoids losing business payment data.</p> <h3> Use Case 3: <strong>Educational Outreach</strong> </h3> <p>Schools and cybersecurity awareness programs can use ScamDetect to teach students about phishing in their native language. Instead of abstract lessons, students can:</p> <ul> <li>Scan real (anonymized) phishing attempts</li> <li>See how detection works</li> <li>Understand the techniques scammers use</li> </ul> <p><strong>Impact:</strong> Next generation grows up more phishing-aware.</p> <h2> Key Takeaways </h2> <p>Building ScamDetect taught me several important lessons:</p> <ol> <li><p><strong>Accessibility matters</strong> β€” A tool is only useful if people can actually use it. Multilingual support isn't a nice-to-have, it's essential.</p></li> <li><p><strong>AI + APIs = powerful combinations</strong> β€” Combining local AI (Ollama) with threat intelligence APIs (VirusTotal) creates something stronger than either alone.</p></li> <li><p><strong>Graceful degradation</strong> β€” Don't let one failing service break your whole system. Build systems that work with partial data.</p></li> <li><p><strong>Open source tools are powerful</strong> β€” Ollama, Mistral, Google Cloud Vision, and VirusTotal's free tier made this project possible without massive cloud budgets.</p></li> <li><p><strong>Real-world problems inspire good design</strong> β€” Building something that helps people avoid financial loss is more motivating than building for the sake of building.</p></li> </ol> <h2> Get to know me: </h2> <p><strong>GitHub:</strong> <a href="https://github.com/blaycoder" rel="noopener noreferrer">github.com/blaycoder</a></p> <p><strong>Linkedin:</strong> <a href="https://www.linkedin.com/in/ayomide-onatola-3180281a5" rel="noopener noreferrer">https://www.linkedin.com/in/ayomide-onatola-3180281a5</a></p> <p><strong>X:</strong> <a href="https://x.com/blaycoder" rel="noopener noreferrer">https://x.com/blaycoder</a></p> <h2> Conclusion </h2> <p>Phishing and scams are one of the biggest cybersecurity threats facing everyday people. Language barriers shouldn't make anyone more vulnerable.</p> <p>ScamDetect is my attempt to make the internet a little bit safer, one multilingual detection at a time.</p> <p>If you found this interesting, I'd love to hear your thoughts! Feel free to comment, ask questions, or share your own experiences building security tools.</p> <p>Before I drop my pen, check out this post written by me to <strong>understand why your privacy is important</strong>: <a href="https://www.linkedin.com/posts/ayomide-onatola-3180281a5_understanding-your-privacy-is-very-important-activity-7414363336198328320-vojZ?utm_source=share&amp;utm_medium=member_desktop&amp;rcm=ACoAAC_hKcQBbj-msL4RbOja3WJP4p1Ne_CeMEU" rel="noopener noreferrer">Understanding your privacy is very important</a></p> <p><strong>Stay safe out there! πŸ›‘οΈ</strong></p> ai cybersecurity nextjs security Why HTML is a must for every website blaycoder Thu, 19 May 2022 07:30:02 +0000 https://dev.to/blaycoder/why-html-is-a-must-for-every-website-3gic https://dev.to/blaycoder/why-html-is-a-must-for-every-website-3gic <p>HTML is an abbreviation of <em>HYPERTEXT MARKUP LANGUAGE</em>. HTML is a language that makes a website well-structured. We can say HTML is a skeletal part of a website. HTML allows you to view the contents on your web page.<br> <strong><em>HTML is not a programming language.</em></strong><br> It's just a way of communicating to the browser what should be on a website. </p> <p>With the help of elements like </p> <p><code>&lt;head&gt;,&lt;title&gt;,&lt;main&gt;, &lt;header&gt;, &lt;p&gt;, &lt;footer&gt;, &lt;ul&gt;, &lt;body&gt;</code><br> , and many more, you can format and organize a webpage.<br> HTML create an interface that allows you to add text, images, buttons, text field, video, audio and many more. Now, you can see why HTML is a must for every website.</p> <p>HTML semantics helps give meaning to a webpage. Users have better experience on your website when you make use of semantic elements because of its accessibility. More info on semantics [(<a href="https://developer.mozilla.org/en-US/docs/Glossary/Semantics)">https://developer.mozilla.org/en-US/docs/Glossary/Semantics)</a>]</p> <p>HTML can also be referred to as the building block of a website. or the foundation of a website. Without the foundation, you can't build a house. Without HTML,you can't have a structured website. </p> <p>Examples of websites that make use of HTML are google.com, geeksforgeeks.com, waiting.zuriboard.com, freecodecamp.com etc</p> <p>There are 15 HTML empty tags which are:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;p&gt; - It gives paragraph to a text &lt;br/&gt; - Line break, it creates a new line whenever it's used. &lt;img/&gt; - Insert an image into a webpage &lt;area&gt; - It is used to map a portion of an image to make it clickable by the end-user. It is used to direct the user to different links after the user clicks on the mapped portions of the image. It is used as a child tag of the &lt;map&gt; tag. &lt;base&gt; - For all relative URLs in a document, the base URL is specified to use with the &lt;base&gt; element. Only one &lt;base&gt; element can be used in a document. &lt;col&gt; - The &lt;col&gt; tag in HTML is used to set the column properties for each column within a &lt;colgroup&gt; tag. This tag is used to set the style property to each column. &lt;embed&gt; - The &lt;embed&gt; tag in HTML is used for embedding external applications which are generally multimedia content like audio or video into an HTML document. It is used as a container for embedding plug-ins such as flash animations. &lt;hr&gt; - A thematic break between paragraph-level components is represented by the &lt;hr&gt; element. It looks like a line &lt;input&gt; - This empty element is used to create interactive controls for web-based applications and forms, for accepting the information from the user such as an address, name, phone number, etc, depending on a variety of types of input data and control widgets are available. &lt;link&gt; - The HTML element &lt;link&gt; is used to establish a connection between the current content and an external resource. &lt;meta&gt; - The &lt;meta&gt; HTML element represents metadata i.e., information of a information. &lt;param&gt; - The &lt;param&gt; tag in HTML is used to define a parameter for plug-ins which is associated with &lt;object&gt; element. &lt;source&gt; - The &lt;source&gt; element is an empty element that provides various media resources for the &lt;image&gt;, &lt;audio&gt;, or &lt;video&gt; elements. It provides the same media material in several file formats to ensure compatibility with a wide variety of browsers, as image and media file formats are supported by the browsers differently. &lt;wbr&gt; - The &lt;wbr&gt; tag in HTML stands for word break opportunity and is used to define the position within the text which is treated as a line break by the browser. It is mostly used when the used word is too long and there are chances that the browser may break lines at the wrong place for fitting the text. &lt;track&gt; - The &lt;track&gt; tag specifies text tracks for media components audio and video. This part is employed to specify subtitles, caption files, or different files containing text, that ought to be visible once the media is taking part in. The &lt;track&gt; element is an empty HTML element that is used as a child of the audio and video media components. It allows you to define timed text tracks (or time-based data), for example, to handle subtitles automatically. &lt;keygen&gt; - It is used to specify a key-pair generator in a HTML form. A private and public key will be generated. The private will be saved in the browser local key storage while a public key will be sent to the server. Note: The tag is no more recommended. </code></pre> </div> <p><strong>Below are 25 container tags</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;h1&gt; to &lt;h6&gt;&lt;/h1&gt;to&lt;/h6&gt; - This is meant for headings. H1 is the main heading, H2 is secondary, etc. &lt;p&gt;&lt;/p&gt; - It create a new paragraph &lt;div&gt;&lt;/div&gt; - A container for a block of content &lt;span&gt;&lt;/span&gt; - A container for inline content, such as content inside a paragraph &lt;em&gt;&lt;/em&gt; - Gives the contained text emphasis (usually as italics). &lt;strong&gt;&lt;/strong&gt; - It gives a bold text &lt;title&gt;&lt;/title&gt; - It gives a document a title. &lt;head&gt;&lt;/head&gt; - It contains important information about the document which are machine-readable. &lt;a&gt;&lt;/a&gt; - This create a link that can connect to a another webpage &lt;section&gt;&lt;/section&gt; - defines the section of documents such as chapters, headers, footers or any other sections. &lt;ul&gt;&lt;/ul&gt; - creates an unordered list &lt;ol&gt;&lt;/ol&gt; - creates an ordered list &lt;li&gt;&lt;/li&gt; - creates bullet list &lt;footer&gt;&lt;/footer&gt; - This is a semantic tag that defines the footer of a document. &lt;aside&gt;&lt;/aside&gt; - the tag defines some content aside from the content it is placed in. &lt;code&gt;&lt;/code&gt; - The &lt;code&gt; tag is used to define a piece of computer code. &lt;textarea&gt;&lt;/textarea&gt; - it allows multi-line text input. It commonly used in a form. &lt;th&gt;&lt;/th&gt; - The &lt;th&gt; tag defines a header cell in an HTML table. &lt;progress&gt;&lt;/progress&gt; - The &lt;progress&gt; tag represents the completion progress of a task. &lt;blockquote&gt;&lt;/blockquote&gt; - The &lt;blockquote&gt; tag specifies a section that is quoted from another source. &lt;button&gt;&lt;/button&gt; - The &lt;button&gt; tag defines a clickable button. It is commonly used after filling a form in a website. &lt;legend&gt;&lt;/legend&gt; - The &lt;legend&gt; tag defines a caption for the &lt;fieldset&gt; element. &lt;main&gt;&lt;/main&gt; - The &lt;main&gt; tag defines the main content of a document. &lt;option&gt;&lt;/option&gt; - The &lt;option&gt; tag defines an option in a select list. &lt;script&gt;&lt;/script&gt; - The &lt;script&gt; tag is used to embed a client-side script (JavaScript). &lt;svg&gt;&lt;/svg&gt; - The &lt;svg&gt; tag defines a container for SVG graphics. SVG has several methods for drawing paths, boxes, circles, text, and graphic images. </code></pre> </div> <p><strong>RESOURCES</strong><br> <a href="https://calltutors.com/blog/importance-of-html">https://calltutors.com/blog/importance-of-html</a><br> <a href="https://developer.mozilla.org">https://developer.mozilla.org</a><br> <a href="https://matthewjamestaylor.com/empty-tags">https://matthewjamestaylor.com/empty-tags</a><br> <a href="https://www.washington.edu/accesscomputing/webd2/student/unit2/common_tags.html">https://www.washington.edu/accesscomputing/webd2/student/unit2/common_tags.html</a><br> <a href="https://www.geeksforgeeks.org/what-are-empty-elements-in-html/">https://www.geeksforgeeks.org/what-are-empty-elements-in-html/</a><br> <a href="http://www.w3schools.com">www.w3schools.com</a></p> html beginners webdev showdev