feat: Expand fraud prevention to fintechs and banks

This commit expands the fraud prevention capabilities of the social media analyzer to include heuristics for detecting scams related to fintech platforms (Stripe, PayPal, Payoneer) and bank transfers.

The changes include:
- Updating `LEGITIMATE_DOMAINS` to include the official domains of the new platforms.
- Expanding `PAYMENT_KEYWORDS` with terms specific to these fintechs and bank transfers.
- Adding regex patterns for IBAN and SWIFT/BIC codes to a newly renamed `FINANCIAL_ADDRESS_PATTERNS` dictionary.
- Updating `SUSPICIOUS_URL_PATTERNS` to catch phishing attempts impersonating these services.
- Adding corresponding weights to `HEURISTIC_WEIGHTS` for the new patterns.
- Creating a `test_runner.py` script with a comprehensive set of test cases to verify the new functionality.

Author: google-labs-jules[bot]

social_media_analyzer/__pycache__/__init__.cpython-312.pyc

@@ -31,6 +31,13 @@
     "badoo": ["badoo.com"],
     "binance": ["binance.com"],
     "sharechat": ["sharechat.com"],
+    "paypal": ["paypal.com", "paypal.me"],
+    "stripe": ["stripe.com", "stripe.io"],
+    "payoneer": ["payoneer.com"],
+    "banks": [ # General list, can be expanded
+        "bankofamerica.com", "chase.com", "wellsfargo.com", "citibank.com",
+        "hsbc.com", "barclays.com", "deutsche-bank.com", "santander.com"
+    ],
     "general": ["google.com"]
 }
 
@@ -86,7 +93,11 @@
 PAYMENT_KEYWORDS = [
     "payment", "invoice", "bill", "outstanding balance", "transfer funds",
     "wire transfer", "gift card", "cryptocurrency", "bitcoin", "western union", "moneygram",
-    "urgent payment needed", "settle your account"
+    "urgent payment needed", "settle your account",
+    # Fintech specific
+    "paypal", "stripe", "payoneer", "cash app", "venmo", "zelle",
+    # Bank transfer specific
+    "bank transfer", "wire details", "account details", "iban", "swift code", "bic"
 ]
 
 
@@ -107,10 +118,12 @@
     '.link', '.click', '.site', '.live', '.buzz', '.stream', '.download',
 ]
 
-# Pattern for detecting strings that look like cryptocurrency addresses
-CRYPTO_ADDRESS_PATTERNS = {
+# Pattern for detecting strings that look like financial identifiers
+FINANCIAL_ADDRESS_PATTERNS = {
     "BTC": re.compile(r'\b(1[a-km-zA-HJ-NP-Z1-9]{25,34}|3[a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-zA-HJ-NP-Z0-9]{25,90})\b'),
     "ETH": re.compile(r'\b(0x[a-fA-F0-9]{40})\b'),
+    "IBAN": re.compile(r'\b([A-Z]{2}\d{2}[A-Z0-9]{11,30})\b'),
+    "SWIFT_BIC": re.compile(r'\b([A-Z]{4}[A-Z]{2}[A-Z0-9]{2}([A-Z0-9]{3})?)\b'),
 }
 
 # Pattern for phone numbers
@@ -121,9 +134,14 @@
 # Suspicious URL Patterns
 # These patterns aim to catch URLs that impersonate legitimate domains.
 SUSPICIOUS_URL_PATTERNS = [
-    # Impersonation using subdomains or hyphens
+    # Impersonation using subdomains or hyphens for social media and general platforms
     r"https?://(?:[a-z0-9\-]+\.)*(?:facebook|fb|instagram|whatsapp|tiktok|tinder|snapchat|wechat|telegram|twitter|pinterest|linkedin|line|discord|teams|zoom|amazon|alibaba|youtube|skype|vk|reddit|viber|signal|badoo|binance|sharechat)\.com\.[a-z0-9\-]+\.[a-z]+",
     r"https?://(?:[a-z0-9\-]+\.)*(?:facebook|fb|instagram|whatsapp|tiktok|tinder|snapchat|wechat|telegram|twitter|pinterest|linkedin|line|discord|teams|zoom|amazon|alibaba|youtube|skype|vk|reddit|viber|signal|badoo|binance|sharechat)-[a-z0-9\-]+\.[a-z]+",
+
+    # Impersonation for fintech and banks
+    r"https?://(?:[a-z0-9\-]+\.)*(?:paypal|stripe|payoneer|bankofamerica|chase|wellsfargo|citibank|hsbc|barclays)\.com\.[a-z0-9\-]+\.[a-z]+",
+    r"https?://(?:[a-z0-9\-]+\.)*(?:paypal|stripe|payoneer|bankofamerica|chase|wellsfargo|citibank|hsbc|barclays)-[a-z0-9\-]+\.[a-z]+",
+
     # Common URL shorteners
     r"https?://bit\.ly",
     r"https?://goo\.gl",
@@ -148,7 +166,10 @@
     "PAYMENT_REQUEST": 1.5,
     "SUSPICIOUS_URL_KEYWORD": 1.0,
     "SUSPICIOUS_TLD": 2.0,
-    "CRYPTO_ADDRESS": 2.5,
+    "BTC_ADDRESS": 2.5,
+    "ETH_ADDRESS": 2.5,
+    "IBAN_ADDRESS": 3.0,
+    "SWIFT_BIC_ADDRESS": 3.0,
     "PHONE_NUMBER_UNSOLICITED": 1.0,
     "SUSPICIOUS_URL_PATTERN": 3.0, # High weight for matching a suspicious URL pattern
 }

social_media_analyzer/__pycache__/heuristics.cpython-312.pyc

@@ -9,7 +9,7 @@
     PAYMENT_KEYWORDS,
     URL_PATTERN,
     SUSPICIOUS_TLDS,
-    CRYPTO_ADDRESS_PATTERNS,
+    FINANCIAL_ADDRESS_PATTERNS,
     PHONE_NUMBER_PATTERN,
     HEURISTIC_WEIGHTS,
     LEGITIMATE_DOMAINS,
@@ -109,13 +109,13 @@ def analyze_text_for_scams(text_content, platform=None):
             indicators_found.append(f"Suspicious URL found: {url_str} (Reason: {reason})")
         urls_analyzed_details.append(url_analysis)
 
-    # 3. Crypto Addresses
-    for crypto_name, pattern in CRYPTO_ADDRESS_PATTERNS.items():
+    # 3. Financial Identifiers
+    for id_name, pattern in FINANCIAL_ADDRESS_PATTERNS.items():
         if pattern.search(text_content):
-            message = f"Potential {crypto_name} cryptocurrency address found."
+            message = f"Potential {id_name} identifier found."
             if message not in indicators_found:
                 indicators_found.append(message)
-                score += HEURISTIC_WEIGHTS.get("CRYPTO_ADDRESS", 2.5)
+                score += HEURISTIC_WEIGHTS.get(f"{id_name}_ADDRESS", 2.5)
 
     # 4. Phone Numbers
     if PHONE_NUMBER_PATTERN.search(text_content):
@@ -130,22 +130,3 @@ def analyze_text_for_scams(text_content, platform=None):
         "urls_analyzed": urls_analyzed_details
     }
 
-if __name__ == '__main__':
-    # Example Usage
-    test_message = "URGENT: Your Instagram account has unusual activity. Please verify your account now by clicking http://instagram.security-update.com/login to avoid suspension."
-    analysis_result = analyze_text_for_scams(test_message, platform="instagram")
-    print(f"--- Analyzing Instagram Scam Message ---")
-    print(f"Message: {test_message}")
-    print(f"Score: {analysis_result['score']}")
-    print("Indicators:")
-    for indicator in analysis_result['indicators_found']:
-        print(f"  - {indicator}")
-
-    test_message_whatsapp = "Hey, check out this link: http://wa.me/1234567890. Also, please send money to my bitcoin wallet 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
-    analysis_result_whatsapp = analyze_text_for_scams(test_message_whatsapp, platform="whatsapp")
-    print(f"\n--- Analyzing WhatsApp Message ---")
-    print(f"Message: {test_message_whatsapp}")
-    print(f"Score: {analysis_result_whatsapp['score']}")
-    print("Indicators:")
-    for indicator in analysis_result_whatsapp['indicators_found']:
-        print(f"  - {indicator}")

social_media_analyzer/__pycache__/scam_detector.cpython-312.pyc

@@ -0,0 +1,42 @@
+from social_media_analyzer.scam_detector import analyze_text_for_scams
+
+if __name__ == '__main__':
+    # Example Usage
+    test_cases = {
+        "Instagram Phishing": {
+            "message": "URGENT: Your Instagram account has unusual activity. Please verify your account now by clicking http://instagram.security-update.com/login to avoid suspension.",
+            "platform": "instagram"
+        },
+        "WhatsApp Crypto Scam": {
+            "message": "Hey, check out this link: http://wa.me/1234567890. Also, please send money to my bitcoin wallet 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",
+            "platform": "whatsapp"
+        },
+        "PayPal Phishing": {
+            "message": "Your PayPal account has been limited. Please log in to http://paypal-support-uk.com/login to restore access. Your invoice is attached.",
+            "platform": "paypal"
+        },
+        "Stripe Phishing": {
+            "message": "There was a problem with your recent payment on Stripe. Please update your payment information at http://stripe-billing-update.com",
+            "platform": "stripe"
+        },
+        "Payoneer Scam": {
+            "message": "Congratulations! You've received a payment of $5000 via Payoneer. Please confirm your details at http://payoneer.rewards.xyz to claim your funds.",
+            "platform": "payoneer"
+        },
+        "Bank Transfer Fraud": {
+            "message": "Urgent invoice payment required. Please transfer the amount to IBAN DE89370400440532013000, SWIFT/BIC COBADEFFXXX. Your account will be suspended otherwise.",
+            "platform": "banks"
+        }
+    }
+
+    for name, data in test_cases.items():
+        analysis_result = analyze_text_for_scams(data["message"], platform=data["platform"])
+        print(f"\n--- Analyzing: {name} ---")
+        print(f"Message: {data['message']}")
+        print(f"Score: {analysis_result['score']}")
+        print("Indicators:")
+        for indicator in analysis_result['indicators_found']:
+            print(f"  - {indicator}")
+        print("URLs Analyzed:")
+        for url_info in analysis_result['urls_analyzed']:
+            print(f"  - URL: {url_info['url']}, Suspicious: {url_info['is_suspicious']}, Reason: {url_info['reason']}")