Merge pull request #13 from GYFX35/feature/expand-fraud-prevention

feat: Expand fraud prevention to fintechs and banks

Author: GYFX35

social_media_analyzer/__pycache__/__init__.cpython-312.pyc

@@ -31,6 +31,13 @@
     "badoo": ["badoo.com"],
     "binance": ["binance.com"],
     "sharechat": ["sharechat.com"],
+    "paypal": ["paypal.com", "paypal.me"],
+    "stripe": ["stripe.com", "stripe.io"],
+    "payoneer": ["payoneer.com"],
+    "banks": [ # General list, can be expanded
+        "bankofamerica.com", "chase.com", "wellsfargo.com", "citibank.com",
+        "hsbc.com", "barclays.com", "deutsche-bank.com", "santander.com"
+    ],
     "general": ["google.com"]
 }
 
@@ -86,7 +93,11 @@
 PAYMENT_KEYWORDS = [
     "payment", "invoice", "bill", "outstanding balance", "transfer funds",
     "wire transfer", "gift card", "cryptocurrency", "bitcoin", "western union", "moneygram",
-    "urgent payment needed", "settle your account"
+    "urgent payment needed", "settle your account",
+    # Fintech specific
+    "paypal", "stripe", "payoneer", "cash app", "venmo", "zelle",
+    # Bank transfer specific
+    "bank transfer", "wire details", "account details", "iban", "swift code", "bic"
 ]
 
 
@@ -107,10 +118,12 @@
     '.link', '.click', '.site', '.live', '.buzz', '.stream', '.download',
 ]
 
-# Pattern for detecting strings that look like cryptocurrency addresses
-CRYPTO_ADDRESS_PATTERNS = {
+# Pattern for detecting strings that look like financial identifiers
+FINANCIAL_ADDRESS_PATTERNS = {
     "BTC": re.compile(r'\b(1[a-km-zA-HJ-NP-Z1-9]{25,34}|3[a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-zA-HJ-NP-Z0-9]{25,90})\b'),
     "ETH": re.compile(r'\b(0x[a-fA-F0-9]{40})\b'),
+    "IBAN": re.compile(r'\b([A-Z]{2}\d{2}[A-Z0-9]{11,30})\b'),
+    "SWIFT_BIC": re.compile(r'\b([A-Z]{4}[A-Z]{2}[A-Z0-9]{2}([A-Z0-9]{3})?)\b'),
 }
 
 # Pattern for phone numbers
@@ -121,9 +134,14 @@
 # Suspicious URL Patterns
 # These patterns aim to catch URLs that impersonate legitimate domains.
 SUSPICIOUS_URL_PATTERNS = [
-    # Impersonation using subdomains or hyphens
+    # Impersonation using subdomains or hyphens for social media and general platforms
     r"https?://(?:[a-z0-9\-]+\.)*(?:facebook|fb|instagram|whatsapp|tiktok|tinder|snapchat|wechat|telegram|twitter|pinterest|linkedin|line|discord|teams|zoom|amazon|alibaba|youtube|skype|vk|reddit|viber|signal|badoo|binance|sharechat)\.com\.[a-z0-9\-]+\.[a-z]+",
     r"https?://(?:[a-z0-9\-]+\.)*(?:facebook|fb|instagram|whatsapp|tiktok|tinder|snapchat|wechat|telegram|twitter|pinterest|linkedin|line|discord|teams|zoom|amazon|alibaba|youtube|skype|vk|reddit|viber|signal|badoo|binance|sharechat)-[a-z0-9\-]+\.[a-z]+",
+
+    # Impersonation for fintech and banks
+    r"https?://(?:[a-z0-9\-]+\.)*(?:paypal|stripe|payoneer|bankofamerica|chase|wellsfargo|citibank|hsbc|barclays)\.com\.[a-z0-9\-]+\.[a-z]+",
+    r"https?://(?:[a-z0-9\-]+\.)*(?:paypal|stripe|payoneer|bankofamerica|chase|wellsfargo|citibank|hsbc|barclays)-[a-z0-9\-]+\.[a-z]+",
+
     # Common URL shorteners
     r"https?://bit\.ly",
     r"https?://goo\.gl",
@@ -148,7 +166,10 @@
     "PAYMENT_REQUEST": 1.5,
     "SUSPICIOUS_URL_KEYWORD": 1.0,
     "SUSPICIOUS_TLD": 2.0,
-    "CRYPTO_ADDRESS": 2.5,
+    "BTC_ADDRESS": 2.5,
+    "ETH_ADDRESS": 2.5,
+    "IBAN_ADDRESS": 3.0,
+    "SWIFT_BIC_ADDRESS": 3.0,
     "PHONE_NUMBER_UNSOLICITED": 1.0,
     "SUSPICIOUS_URL_PATTERN": 3.0, # High weight for matching a suspicious URL pattern
 }

social_media_analyzer/__pycache__/heuristics.cpython-312.pyc

@@ -9,7 +9,7 @@
     PAYMENT_KEYWORDS,
     URL_PATTERN,
     SUSPICIOUS_TLDS,
-    CRYPTO_ADDRESS_PATTERNS,
+    FINANCIAL_ADDRESS_PATTERNS,
     PHONE_NUMBER_PATTERN,
     HEURISTIC_WEIGHTS,
     LEGITIMATE_DOMAINS,
@@ -109,13 +109,13 @@ def analyze_text_for_scams(text_content, platform=None):
             indicators_found.append(f"Suspicious URL found: {url_str} (Reason: {reason})")
         urls_analyzed_details.append(url_analysis)
 
-    # 3. Crypto Addresses
-    for crypto_name, pattern in CRYPTO_ADDRESS_PATTERNS.items():
+    # 3. Financial Identifiers
+    for id_name, pattern in FINANCIAL_ADDRESS_PATTERNS.items():
         if pattern.search(text_content):
-            message = f"Potential {crypto_name} cryptocurrency address found."
+            message = f"Potential {id_name} identifier found."
             if message not in indicators_found:
                 indicators_found.append(message)
-                score += HEURISTIC_WEIGHTS.get("CRYPTO_ADDRESS", 2.5)
+                score += HEURISTIC_WEIGHTS.get(f"{id_name}_ADDRESS", 2.5)
 
     # 4. Phone Numbers
     if PHONE_NUMBER_PATTERN.search(text_content):
@@ -130,22 +130,3 @@ def analyze_text_for_scams(text_content, platform=None):
         "urls_analyzed": urls_analyzed_details
     }
 
-if __name__ == '__main__':
-    # Example Usage
-    test_message = "URGENT: Your Instagram account has unusual activity. Please verify your account now by clicking http://instagram.security-update.com/login to avoid suspension."
-    analysis_result = analyze_text_for_scams(test_message, platform="instagram")
-    print(f"--- Analyzing Instagram Scam Message ---")
-    print(f"Message: {test_message}")
-    print(f"Score: {analysis_result['score']}")
-    print("Indicators:")
-    for indicator in analysis_result['indicators_found']:
-        print(f"  - {indicator}")
-
-    test_message_whatsapp = "Hey, check out this link: http://wa.me/1234567890. Also, please send money to my bitcoin wallet 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
-    analysis_result_whatsapp = analyze_text_for_scams(test_message_whatsapp, platform="whatsapp")
-    print(f"\n--- Analyzing WhatsApp Message ---")
-    print(f"Message: {test_message_whatsapp}")
-    print(f"Score: {analysis_result_whatsapp['score']}")
-    print("Indicators:")
-    for indicator in analysis_result_whatsapp['indicators_found']:
-        print(f"  - {indicator}")

social_media_analyzer/__pycache__/scam_detector.cpython-312.pyc

@@ -0,0 +1,42 @@
+from social_media_analyzer.scam_detector import analyze_text_for_scams
+
+if __name__ == '__main__':
+    # Example Usage
+    test_cases = {
+        "Instagram Phishing": {
+            "message": "URGENT: Your Instagram account has unusual activity. Please verify your account now by clicking http://instagram.security-update.com/login to avoid suspension.",
+            "platform": "instagram"
+        },
+        "WhatsApp Crypto Scam": {
+            "message": "Hey, check out this link: http://wa.me/1234567890. Also, please send money to my bitcoin wallet 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",
+            "platform": "whatsapp"
+        },
+        "PayPal Phishing": {
+            "message": "Your PayPal account has been limited. Please log in to http://paypal-support-uk.com/login to restore access. Your invoice is attached.",
+            "platform": "paypal"
+        },
+        "Stripe Phishing": {
+            "message": "There was a problem with your recent payment on Stripe. Please update your payment information at http://stripe-billing-update.com",
+            "platform": "stripe"
+        },
+        "Payoneer Scam": {
+            "message": "Congratulations! You've received a payment of $5000 via Payoneer. Please confirm your details at http://payoneer.rewards.xyz to claim your funds.",
+            "platform": "payoneer"
+        },
+        "Bank Transfer Fraud": {
+            "message": "Urgent invoice payment required. Please transfer the amount to IBAN DE89370400440532013000, SWIFT/BIC COBADEFFXXX. Your account will be suspended otherwise.",
+            "platform": "banks"
+        }
+    }
+
+    for name, data in test_cases.items():
+        analysis_result = analyze_text_for_scams(data["message"], platform=data["platform"])
+        print(f"\n--- Analyzing: {name} ---")
+        print(f"Message: {data['message']}")
+        print(f"Score: {analysis_result['score']}")
+        print("Indicators:")
+        for indicator in analysis_result['indicators_found']:
+            print(f"  - {indicator}")
+        print("URLs Analyzed:")
+        for url_info in analysis_result['urls_analyzed']:
+            print(f"  - URL: {url_info['url']}, Suspicious: {url_info['is_suspicious']}, Reason: {url_info['reason']}")