
How to Develop Solutions to Tackle Fraud

Can GPT Check SMS and Incoming Calls for Fraud?

ChatGPT says: Yes, but not directly on the phone itself as local "intercept + detect" (permission and legal restrictions rule that out). It has to go through cloud/API checking instead. The most feasible approach today: the app forwards the SMS content or incoming-call info to GPT, which returns a risk assessment.

✅ Possible Approaches

Feature | Feasibility | Description
SMS text fraud detection | ✅ Fully feasible | Upload the text to GPT to detect scams, fake bank messages, and phishing links
Incoming phone number checking | ✅ Feasible | Match against spam-call databases plus fraud-pattern models
Auto-marking suspicious messages | ✅ Feasible | Returns "high risk," "suspicious," or "safe"
Real-time pop-up alerts during calls | ⚠️ Feasible, but requires app permissions | Must be implemented in an app (fully supported on Android; iOS requires CallKit)
Fully automated GPT call answering | ❌ Not possible | Legal and phone-interface restrictions (VoIP or call simulation is a possible workaround)

Typical Implementation Architecture

Phone SMS / Incoming Call
        ↓
App (collects data first)
        ↓
GPT API (analyzes fraud language features)
        ↓
Return analysis results (risk level)
        ↓
Phone displays alert

Fraud Types GPT Can Detect

  • ✔️ Fake bank / government messages
  • ✔️ Investment / gambling / high-yield scams
  • ✔️ Logistics scams (UPS, DHL, Chunghwa Post)
  • ✔️ Pretending to be friends/family (loan/emergency)
  • ✔️ Phishing link inducements
  • ✔️ Fake court / police notifications

GPT’s advantage over traditional keyword blacklists: it can catch paraphrased scams and messages that contain no explicit trigger keywords.

1) Cloud Cost Estimation (Architecture-oriented)

Main Cost Components

GPT API (or other LLM) usage

Cost formula:
Monthly Cost = Daily Messages × 30 × Avg Tokens per Message × (Price per 1k Tokens / 1000)

Example: If 10,000 messages per day, 200 tokens/message, API price $0.03 per 1k tokens:
10,000 × 30 × 200 × (0.03 / 1000) = $1,800/month
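
The formula drops straight into code. A minimal sketch (plain Node.js, no dependencies; the sample numbers are the two examples used in this section):

// Estimate monthly LLM API cost from message volume.
// pricePer1k = API price in USD per 1,000 tokens.
function monthlyLlmCost(dailyMessages, avgTokensPerMsg, pricePer1k) {
  const tokensPerMonth = dailyMessages * 30 * avgTokensPerMsg;
  return tokensPerMonth * (pricePer1k / 1000);
}

console.log(monthlyLlmCost(10000, 200, 0.03)); // 1800 -> $1,800/month
console.log(monthlyLlmCost(5000, 150, 0.03));  // 675  -> the small-product example below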

Backend server (processing / logging / webhook)

  • Small (low traffic): 1–2 small VMs (0.5–2 vCPU) or 1 serverless instance → ~$20–$150/month
  • Medium (medium traffic): multiple instances + load balancer → $200–$800/month
  • Large (high traffic): Kubernetes / auto-scale → $800+/month

Database / log storage (Firestore / DynamoDB / RDS)

Cost depends on read/write frequency and retention period: low traffic <$50/month; medium/high traffic hundreds to thousands USD/month

Recommendation: store only necessary metadata (hash/fingerprint), keep sensitive content short-term (7–30 days)
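
One way to apply that recommendation: persist a fingerprint of the message instead of the raw text. A minimal sketch using Node's built-in crypto module (the normalization step and the stored fields are illustrative assumptions):

const crypto = require('crypto');

// Store a stable fingerprint instead of the raw SMS text.
// Normalizing first means trivially re-worded copies still match.
function messageFingerprint(fromNumber, text) {
  const normalized = text.trim().toLowerCase().replace(/\s+/g, ' ');
  return crypto.createHash('sha256')
    .update(`${fromNumber}|${normalized}`)
    .digest('hex');
}

// Persist only { fingerprint, risk_score, timestamp }; drop raw content after 7–30 days.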

URL safety checking / URL expansion

Using a third-party malicious-URL API (such as VirusTotal) adds cost, typically $0 to a few hundred dollars per month depending on query volume

Push/App notifications

Essentially free (APNs/FCM), though third-party notification services may charge

Monitoring / logs / SRE

$0–$200+/month depending on monitoring depth

Network costs (egress)

Heavy webhook or multimedia traffic increases egress costs; evaluate your cloud provider's pricing

Example Monthly Cost for a Small Product

  • Daily messages: 5,000
  • Avg tokens/message: 150
  • API price: $0.03 per 1k tokens

GPT API: 5,000 × 30 × 150 × (0.03 / 1000) = $675
Backend + DB: $150
Malicious URL checking service: $50
Monitoring + cloud servers: $100
Estimated total: ~$975/month

Tip: At high volume (100k messages/day), the GPT API is the main cost driver. Consider first-pass rules (keywords/blacklists/simple ML) to reduce LLM calls.

2) Legal Compliance / Risk Mitigation

Why automated call answering / replying is discouraged

  • Privacy & consent: automatically recording or answering calls requires one-party or two-party consent in many jurisdictions; violations carry legal liability.
  • Telecom law & interface restrictions: mobile platforms tightly control auto-block, auto-answer, and call relay; some countries additionally require a telecom license.
  • Fraudster countermeasures: an auto-responder can be probed to harvest more information for the fraudster, or abused outright, increasing the platform's liability.
  • Identity & authorization issues: an automated answer could mislead users into thinking the service itself is speaking; a wrong reply may expose money or data, with unclear liability.

Compliance & Risk Mitigation

  • Obtain explicit user consent: present a clear opt-in in the app's privacy terms and record the consent timestamp and terms version
  • Limit scope: upload only the SMS text and the incoming number plus public number info to the cloud; do not upload full call audio or other sensitive data
  • Data minimization & encryption: use TLS in transit, encrypt sensitive DB fields (see the sketch after this list), and cap retention at 7–30 days
  • Provide manual review & appeal: high-risk cases should get human review and a user appeal option
  • Legal consultation: check local cybersecurity and telecom regulations before deployment
  • Transparent feedback: show users a short summary of why a message was flagged, to reduce mistrust
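
For the field-encryption point above, a minimal sketch with Node's crypto module and AES-256-GCM (key handling and the stored format are assumptions; in production the key would come from a KMS):

const crypto = require('crypto');

// Encrypt one sensitive DB field with AES-256-GCM.
// Stored format: iv:authTag:ciphertext, all hex, in a single column.
function encryptField(plaintext, key /* 32-byte Buffer, ideally from a KMS */) {
  const iv = crypto.randomBytes(12); // 96-bit nonce, standard for GCM
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), ciphertext].map(b => b.toString('hex')).join(':');
}

function decryptField(stored, key) {
  const [iv, tag, ciphertext] = stored.split(':').map(h => Buffer.from(h, 'hex'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag); // rejects tampered ciphertext
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}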

3) Technical Details — API Flow & Detection Logic

Phone App / SMS Gateway
    └─ Receives SMS or call notification (upload only: text, number, timestamp)
           ↓ (HTTPS/TLS)
API Gateway / Webhook
           ↓
Pre-filter Rules (low-cost)
 - Blacklist/whitelist number check
 - Quick URL check (expand short URLs)
 - Regex/keyword check (withdrawal, remittance, limited-time, click link)
 If Pre-filter is conclusive → return result
 Else → call LLM (or secondary ML model)
           ↓
LLM / ML Decision
 - Output risk_score (0–100)
 - Output explanation (1–3 sentences)
           ↓
Decision Engine
 - Execute actions based on score (mark, notify, quarantine, human review)
           ↓
Log & Metrics / Audit Trail

Suggested Data Schema (Request)

{
  "user_id": "uuid-xxx",
  "msg_id": "sms-12345",
  "timestamp": "2025-10-20T08:00:00+08:00",
  "from_number": "+8869xxxxxxx",
  "text": "Dear Mr. Wang, your account has anomalies…click here: https://short.url/abc",
  "attachments": [],
  "locale": "zh-TW",
  "app_version": "1.2.3"
}
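
Before anything else runs, the server would validate this payload. A minimal hand-rolled sketch (which fields are required, and the length limit, are assumptions):

// Reject malformed /api/check_sms payloads before the pre-filter runs.
function validateCheckSmsRequest(body) {
  const errors = [];
  for (const field of ['user_id', 'msg_id', 'timestamp', 'from_number', 'text']) {
    if (typeof body[field] !== 'string' || body[field].length === 0) {
      errors.push(`missing or invalid ${field}`);
    }
  }
  if (typeof body.text === 'string' && body.text.length > 2000) {
    errors.push('text too long'); // also keeps prompt token cost bounded
  }
  return { ok: errors.length === 0, errors };
}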

Pre-filter (necessary)

  • Black/white number lookup (use Bloom filter / Redis cache for large volume)
  • Expand short URLs and check against malicious domain DB
  • Regex + token classification: withdrawal, remittance, limited-time, OTP, contact me (loan), fake organization names
  • Lightweight language & sentiment check: messages containing collection/payment/remittance keywords → add score

If pre-filter is conclusive (e.g., blacklisted number), no LLM call is needed → save cost
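
A minimal sketch of the pre-filter (the blacklist entries, keyword regex, and score weights are illustrative assumptions; the preFilter name and return shape match the pseudocode in section 4):

// Cheap first pass: decide outright when confident, otherwise defer to the LLM.
const BLACKLIST = new Set(['+886912000000']); // in production: Redis / Bloom filter
const SCAM_KEYWORDS = /withdraw|remittance|limited.time|OTP|verify your account/i;
const URL_PATTERN = /https?:\/\/\S+/g;

function preFilter({ text, from }) {
  if (BLACKLIST.has(from)) {
    return { decision: 'fraud', result: { risk_score: 100, reason: 'blacklisted number' } };
  }
  const urls = text.match(URL_PATTERN) || [];
  let score = 0;
  if (SCAM_KEYWORDS.test(text)) score += 40;
  if (urls.length > 0) score += 20; // short-URL expansion would happen here
  if (score === 0) {
    return { decision: 'safe', result: { risk_score: 0, reason: 'no risk signals' } };
  }
  return { decision: 'uncertain', urls, score }; // ambiguous case goes to the LLM
}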

LLM / Detection Logic (Example)

  • Input prompt: include SMS text, number, expanded URLs, context
  • Output JSON:
    • risk_score (0–100)
    • categories (["phishing","impersonation","loan-scam"])
    • explanation (1–3 short sentences)
    • suggested_action ("notify","block","ignore","manual_review")
  • Decision thresholds (sketched in code after this list):
    • risk_score ≥ 85 → high risk
    • 60 ≤ risk_score < 85 → medium risk
    • risk_score < 60 → low risk
  • Cross-user feedback: record each user's "false positive" / "report fraud" actions as a supervised dataset for retraining
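
A minimal sketch of the threshold mapping (the manual-review rule is an illustrative assumption; decisionEngine matches the name used in section 4's pseudocode):

// Map the LLM's risk_score (0–100) to a risk tier and a concrete action.
function decisionEngine(llmResp) {
  const { risk_score, categories = [], explanation } = llmResp;
  let level, action;
  if (risk_score >= 85)      { level = 'high';   action = 'block'; }
  else if (risk_score >= 60) { level = 'medium'; action = 'notify'; }
  else                       { level = 'low';    action = 'ignore'; }
  // Illustrative extra rule: impersonation in the top tier also gets a human look.
  const manual_review = level === 'high' && categories.includes('impersonation');
  return { risk_score, level, action, manual_review, explanation };
}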

Sample Prompt (Concept)

INPUT: {text}, {from_number}, {expanded_urls}
TASK: Determine if this SMS is fraudulent. Output JSON: {risk_score, categories, explanation, suggested_action}. risk_score 0-100.
Note: If message contains phishing link, impersonates government/bank, requests remittance/OTP, or urges download, increase score significantly. Give 1-3 short explanation sentences.
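
And a minimal callLLM sketch against the OpenAI Chat Completions API (the model name and the JSON-mode response_format option are assumptions; any LLM with an equivalent JSON mode slots in the same way):

// Send the detection prompt and parse the JSON verdict.
async function callLLM(prompt) {
  const resp = await fetch('https://api.openai.com/v1/chat/completions', {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${process.env.OPENAI_API_KEY}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({
      model: 'gpt-4o-mini',                     // assumption: any JSON-capable model works
      response_format: { type: 'json_object' }, // ask for machine-readable output
      messages: [
        { role: 'system', content: 'You are an SMS fraud detector. Reply with JSON only.' },
        { role: 'user', content: prompt },
      ],
    }),
  });
  const data = await resp.json();
  // Expected shape: { risk_score, categories, explanation, suggested_action }
  return JSON.parse(data.choices[0].message.content);
}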

Cost-saving Strategies

  • First-pass rules: filter common scams; only ambiguous cases sent to LLM → LLM call rate 5–20%
  • Batch processing: use cheaper models or discounted API
  • Short prompt + lightweight model: classify routine messages on cloud/serverless
  • Cache repeated judgments: same number/content → reuse results within 24h
  • Hybrid models: cheap classifier first, low-confidence → LLM
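
The 24-hour cache item is a few lines on its own. An in-memory sketch (production would use Redis with a TTL; the fingerprint is the one sketched in section 1):

// Reuse verdicts for identical (number, content) pairs for 24 hours.
const CACHE_TTL_MS = 24 * 60 * 60 * 1000;
const verdictCache = new Map(); // fingerprint -> { verdict, expiresAt }

function cachedVerdict(fingerprint) {
  const hit = verdictCache.get(fingerprint);
  if (hit && hit.expiresAt > Date.now()) return hit.verdict;
  verdictCache.delete(fingerprint); // expired or absent
  return null;
}

function storeVerdict(fingerprint, verdict) {
  verdictCache.set(fingerprint, { verdict, expiresAt: Date.now() + CACHE_TTL_MS });
}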

Debugging, Testing & Metrics

  • KPI: detection rate, false positive rate, user-reported fraud, average latency
  • A/B testing: test different alert wording
  • Confusion matrix daily: compare human review vs system judgment
  • Feedback loop: user marks “not fraud” or “fraud” → record in training DB
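
For the daily confusion-matrix comparison, a minimal sketch of the KPI math (the record shape, joining system verdicts with human-review labels, is an assumption):

// Compare system verdicts against human-review labels for one day.
function dailyKpis(records /* [{ systemFraud: boolean, humanFraud: boolean }] */) {
  let tp = 0, fp = 0, fn = 0, tn = 0;
  for (const r of records) {
    if (r.systemFraud && r.humanFraud) tp++;        // caught real fraud
    else if (r.systemFraud && !r.humanFraud) fp++;  // false alarm
    else if (!r.systemFraud && r.humanFraud) fn++;  // missed fraud
    else tn++;
  }
  return {
    detectionRate: tp / (tp + fn || 1),     // recall: share of real fraud caught
    falsePositiveRate: fp / (fp + tn || 1), // share of legit messages flagged
    confusion: { tp, fp, fn, tn },
  };
}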

4) Minimal Implementation Example (Pseudocode & HTTP Flow)

const express = require('express');
const app = express();
app.use(express.json()); // parse JSON request bodies

app.post('/api/check_sms', async (req, res) => {
  const { user_id, text, from } = req.body;
  // Cheap first pass: blacklist, keyword, and URL checks
  const pre = preFilter({ text, from });
  if (pre.decision === 'fraud' || pre.decision === 'safe') {
    return res.json(pre.result);
  }
  try {
    // Ambiguous case: ask the LLM, then map the score to an action
    const prompt = buildPrompt(text, from, pre.urls);
    const llmResp = await callLLM(prompt);
    const decision = decisionEngine(llmResp);
    logDecision(user_id, llmResp, decision); // audit trail
    res.json(decision);
  } catch (err) {
    // Fail safe: if the LLM is unreachable, route to manual review
    res.status(502).json({ error: 'LLM check failed', suggested_action: 'manual_review' });
  }
});

app.listen(3000);
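
buildPrompt and logDecision above are app-specific helpers (preFilter, callLLM, and decisionEngine are sketched in section 3). A matching client call, with placeholder values:

// Example client request to the endpoint above (Node 18+, global fetch).
(async () => {
  const res = await fetch('http://localhost:3000/api/check_sms', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      user_id: 'uuid-xxx',
      from: '+8869xxxxxxx',
      text: 'Dear Mr. Wang, your account has anomalies…click here: https://short.url/abc',
    }),
  });
  console.log(await res.json()); // -> { risk_score, level, action, ... }
})();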

5) Risks / Pitfalls & Countermeasures

  • False positives → user churn: differentiate warning (yellow) vs block (red)
  • Privacy & legal risks: do not store full SMS long-term, keep only hash + metadata
  • Attack surface / adversarial samples: update rules/models regularly, keep human review
  • System latency: call the LLM asynchronously (non-blocking) or use a lightweight model for the first pass

6) Recommended Technology Stack

  • API Gateway: Cloud Run / AWS Lambda + API Gateway / Azure Functions
  • DB: Firestore / DynamoDB or Postgres
  • Cache: Redis
  • ML: LLM + small classifier
  • Monitoring: Prometheus / Grafana or cloud built-in

7) Testing Plan

  • Build test set (known scams, normal SMS, ambiguous cases)
  • 30-day shadow mode: log results only, human review comparison
  • Inspect false positives / negatives, adjust thresholds
  • Security & penetration testing
  • Legal review & privacy terms testing