The Global Signal Exchange has expanded its data architecture from 60 to 95 distinct threat feeds. A major portion of these 35 new pipelines comes from an operational integration with global scambaiting communities.

Scambaiters are individuals who deliberately interact with fraudsters to disrupt their operations. Because of their large public profile, they receive a steady stream of scam screenshots from the public. We use algorithms and AI to process these submissions, converting the unstructured visual data into clean GSE signal feeds.

The GSE platform treats these community image pools as a direct data ingestion funnel. Our infrastructure automatically processes the screenshots to extract three specific parameters:

  • The Threat Signal: The exact marker hidden in the image, such as a malicious URL, hosting provider name, telephone number, or cryptocurrency wallet address.
  • The Abuse Type: The processor categorises the attack into one of our supported abuse types, such as phishing, scam, or malware.
  • The Signal Type: The technical format of the signal detected, classifying it as a URL, Domain Name, IP Address, or Phone number.

Once these elements are pulled from the images, the clean data goes straight into the GSE platform, making the indicators immediately available to our members. From there, infrastructure providers, platforms, and defenders can take necessary action that fits their sector best while the scam is still running.

The goal of expanding the network to 95 feeds is straightforward: to get user-reported data into the hands of our members quickly, so they can stop active scams before they spread.


Our Authors