The Challenge
In the digital world, the line between real and fake is increasingly blurred. Armed with AI tools, scammers can replicate trusted brand websites in minutes, fooling even the most cautious users. The result is a devastating $500 billion industry, with rising numbers of people—especially vulnerable members of society—falling victim to phishing scams, often losing their life savings.This threat is growing fast, while traditional anti-scam software struggles to keep up. Most tools rely on identifying known malicious URLs—reacting only after someone has been scammed. Netsafe is funded by the New Zealand Government to tackle online harm. They recognised the urgent need for innovation. Online scammers exploit the trust established by the advertising industry between our client’s brands and their customers. If a site looks legitimate, users trust it, regardless of the URL. As brand experts, we turned brand trust into a defence. ScamProof leverages brand guidelines to recognise scams visually, before a user even clicks through. At a time when misinformation and digital scams are at an all-time high, ScamProof offers a new kind of protection—driven by brand integrity, powered by design, and focused on prevention over reaction.
The Solution
ScamProof is a phishing detection system that analyses a website’s visual identity—an approach that traditional tools have overlooked. When a user uses ScamProof’s VPN, we inspect requests at the DNS and HTTPS levels to identify the destination and collect masked connection metadata. This information is securely anonymised and inaccessible to human operators, preserving user privacy. If the site is new or unknown, ScamProof launches an optimized parallel process on our servers to extract identity markers—such as fonts, colour schemes, layout patterns, styling logic, and front-end frameworks. These are compared to a detection matrix developed for trusted brands. We build these brand profiles by parsing code-level design traits from their websites, capturing consistent visual and structural signals. Rather than relying on traditional blocklists or threat feeds, ScamProof evaluates whether a site visually and structurally mimics a known brand. If the resemblance is strong, users receive a real-time alert. They can dismiss the warning or report false positives, which are then used to train and refine the model. By focusing on visual identity at a code level—within a privacy-respecting, server-based architecture—ScamProof delivers precise, proactive protection against phishing threats that appear deceptively legitimate.
