We're a nonprofit on a mission to bring cybersecurity and scam awareness to everyday people — through free tools, free resources, and public-awareness campaigns that meet people where they are.

One of our workshops, hosted in partnership with Baruch ISACA.
Our Impact
5M+
People Reached
Across LinkNYC, Google, Meta & our tools
3K+
People Helped by Our Tools
Free scam-detection & safety resources
100%
Free & Nonprofit
Every tool, guide, and resource we publish
We build and give away the tools we wish everyone had — scam detectors, safety guidance, and clear explainers. No paywalls, no logins, no catch.
A free, searchable archive of real-world scams so anyone can recognize the patterns before they fall for them.
Use it free →Forward a suspicious email to check@inboxspotter.com and get an instant, plain-language read on whether it's a scam.
Use it free →Paste any link and we'll scan it — instantly flagging phishing pages, malware, and other unsafe sites.
Use it free →WhatsApp-based scam guidance — chat in, get clear answers about whether something is safe.
Use it free →A rotating look at the latest scam variations submitted to ScamArchive — what they look like, how they work, and how to spot them.

Observed 2026-05-02
This variation involves a text message claiming to offer a remote online evaluator position with pay ranging from $100 to $600 per day for 1 to 2 hours of work. The message encourages recipients to reply with "YES" or "Interested" to engage further.
Original research and threat analysis — published openly so anyone can learn from it.

A T-Pot honeypot logged three distinct Indonesian IP addresses scanning port 445 roughly 80,000 times. Using OSINT tools — IPInfo, AbuseIPDB, Shodan, and Whois — this investigation traces the traffic back to residential proxies, misconfigured MikroTik routers, and what may be a single threat actor hiding behind legitimate Indonesian ISPs.
by Narek Grigoryan

A new wave of the Shai-Hulud npm worm is loose. It hides inside developer packages, steals GitHub tokens, and uses a chilling sigil, IfYouRevokeThisTokenItWillWipeTheComputerOfTheOwner, to threaten anyone who tries to cut it off. Here is what it does and what to do about it.

OpenClaw is an open-source agentic AI tool marketed as a personal AI assistant that runs inside messaging apps and has full access to the user's local machine. With 50,000+ vulnerable instances and nearly 10 million CVEs across monitored deployments, the security tradeoffs make it a high risk for individuals and businesses adopting it.
by Seva Karonis
Real scams illustrated — each comic breaks down a threat so you know exactly what to watch for.


More on the way
New comics drop regularly. Check back soon — or follow us to catch the next one.
We run public-awareness campaigns across LinkNYC kiosks, Google, and Meta — putting timely, no-jargon scam alerts in front of millions of people right when fraudsters target them.
5M+
Total People Reached
NYC+
Local & Online



Workshops, CTFs, and Scam Search Parties — free community events where anyone can learn hands-on.
Our newsletter is on the way. In the meantime, follow us on Instagram →