FRAUD WATCH

v0.1.0 Β· MV3 browser extension Β· MIT license

See the scam
before it sees you.

Fraud Watch is a local-first fraud-defense extension. It watches for high-risk moments β€” fake logins, wallet-seed grabs, scareware popups β€” runs deterministic detectors entirely on your device, and shows a calm, specific warning before harm occurs. Nothing leaves your browser.

~25 KB zip Β· no account, no backend, no telemetry Β· all releases Β· source code

Install in about a minute

Fraud Watch isn't on the extension stores yet, so you load the release build yourself. It's a normal developer-mode install β€” no build tools needed.

Chrome / Edge / Brave

  1. Download the Chrome zip above and unzip it. You'll get a folder containing manifest.json.
  2. Open chrome://extensions and switch on Developer mode (top right).
  3. Click Load unpacked and select the unzipped folder.
  4. Pin Fraud Watch from the puzzle-piece menu. Click it on any page to see that page's risk rating.

Firefox

  1. Download the Firefox zip above. No need to unzip it.
  2. Open about:debugging#/runtime/this-firefox.
  3. Click Load Temporary Add-on… and select the zip file.

Firefox removes temporary add-ons when it closes, so you'll reload it each session. A signed permanent build is planned once the extension is submitted to addons.mozilla.org.

What it watches for

Independent analyzers each score the page; a weighted policy engine turns those scores into one 1–10 site rating and, when needed, an inline warning you can always override.

url_domain_analyzer

Look-alike domains

Punycode tricks, brand names buried in subdomains, typosquats, and credential pages living on off-brand domains.

form_intent_analyzer

Risky forms

Login, payment, bank, tax, and crypto-seed intent β€” and forms that quietly submit your credentials to a different origin.

popup_scareware_analyzer

Scareware & fake support

Fake system warnings, "call Microsoft now" remote-support scripts, and fullscreen lock-in attempts.

Bonus: a user-triggered AI-text detector highlights suspected AI-written content inline with a 0–100 score β€” fully offline by default.

Protection, not spyware

The whole design starts from one rule: you should feel protected without being watched.

  • Everything runs locally β€” this build has no backend and sends no telemetry.
  • Never reads what you type into password, OTP, card, or seed fields β€” it classifies fields by name and type only.
  • Snippets are redacted and size-capped before they cross any trust boundary.
  • Narrow permissions: storage, the active tab, and scripting. Broad host access stays opt-in.
  • Every warning is overridable β€” "Trust this site" always wins.
  • Open source under MIT. Read every detector yourself.