ScamCatchr scans every email in Gmail in real time — detecting brand impersonation, freight fraud, phishing links, and authentication failures the moment they arrive.
ScamCatchr runs entirely inside your browser and shows warnings before you act on a dangerous email.
As soon as Gmail loads an email, ScamCatchr reads the visible sender name and domain. No login required. Detects impersonation and suspicious keywords in milliseconds.
With Gmail connected, ScamCatchr fetches email headers via the Gmail API and checks SPF, DKIM, and DMARC authentication records to catch spoofed senders that look legitimate.
Domains reported by other ScamCatchr users are flagged automatically. Every report you submit helps protect everyone else from the same sender.
ScamCatchr works silently in the background and only speaks up when something looks wrong.
Checks if the sender claims to be FedEx, UPS, DHL, USPS, Amazon, PayPal, Apple, Microsoft, Google, or dozens of other trusted brands — but emails from an unrecognised domain.
Reads Authentication-Results email headers via the Gmail API to verify that the message was actually sent by the domain it claims. The most reliable signal for spoofing.
Freight and logistics companies never use Gmail or Yahoo for business. ScamCatchr flags when a logistics email arrives from a personal email provider — a near-certain fraud signal.
Detects double-brokering, MC identity theft, ghost loads, cargo rerouting, payment redirect, factoring fraud, and chameleon carrier scams — the fastest-growing fraud category in trucking.
Each signal is assigned a weight. Multiple weak signals add up. A risk score from 1–10 is shown on every banner so you can quickly judge severity without reading the full analysis.
Browse your inbox without opening each email — ScamCatchr adds red ⚠ or yellow ! badges directly on risky rows so you can spot threats at a glance before you click.
Opt in to a Monday morning email summarising the scam trends your ScamCatchr detected that week — top flagged domains, scam type breakdown, and tips to stay safe.
Catches emails where the visible sender name contains a domain that doesn't match the actual sending address — a common trick to fool a quick glance at the From field.
Domains flagged by the ScamCatchr community are cached locally and checked on every email. Three or more independent reports auto-flag the domain for all users.
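An added example, not ScamCatchr's code: the header-based checks described above (Authentication-Results verdicts, display-name domain mismatch, weighted 1-10 score) sketched in JavaScript. The weights, function names, sample headers and the `mx.forged.example` host are assumptions, header values are assumed to be unfolded, and `mx.google.com` is the authserv-id Gmail stamps on its own results.

```javascript
// Added illustration; weights and sample headers are constructed, not ScamCatchr's.
const WEIGHTS = { dmarc: 4, spf: 2, dkim: 2, nameMismatch: 3 }; // hypothetical
// Split a From header into display name and lower-cased address domain.
function parseFrom(header) {
  const m = header.match(/^\s*"?(.*?)"?\s*<[^<>@\s]+@([^<>\s]+)>\s*$/);
  if (m) return { name: m[1], domain: m[2].toLowerCase() };
  const bare = header.trim().match(/^[^@\s]+@(\S+)$/);
  return { name: "", domain: bare ? bare[1].toLowerCase() : "" };
}

// Read spf/dkim/dmarc verdicts, but only from headers stamped by the receiving
// server (authserv-id); a sender can insert forged copies of this header.
function parseAuthResults(headers, trustedAuthserv) {
  const verdicts = {};
  for (const raw of headers) {
    const parts = raw.replace(/\([^()]*\)/g, " ").split(";"); // drop comments
    if (parts[0].trim().toLowerCase() !== trustedAuthserv) continue;
    for (const part of parts.slice(1)) {
      const m = part.trim().match(/^(spf|dkim|dmarc)\s*=\s*([a-z]+)/i);
      if (!m) continue;
      const method = m[1].toLowerCase();
      if (verdicts[method] !== "pass") verdicts[method] = m[2].toLowerCase(); // one DKIM pass is enough
    }
  }
  return verdicts;
}

// True when the display name shows a domain other than the sending domain.
function nameDomainMismatch(from) {
  const shown = from.name.toLowerCase().match(/[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}/g) || [];
  return shown.some((d) => d !== from.domain && !from.domain.endsWith("." + d));
}

// Sum the weights of every signal that fired and clamp to the 1-10 range.
function riskScore(fromHeader, authHeaders, trustedAuthserv) {
  const from = parseFrom(fromHeader);
  const auth = parseAuthResults(authHeaders, trustedAuthserv);
  const signals = ["dmarc", "spf", "dkim"].filter((k) => auth[k] !== "pass");
  if (nameDomainMismatch(from)) signals.push("nameMismatch");
  const total = signals.reduce((sum, k) => sum + WEIGHTS[k], 0);
  return { signals, score: Math.min(10, Math.max(1, total)) };
}

// Constructed sample: the first header is forged by the sender, the second is real.
const SAMPLE_AUTH = [
  "mx.forged.example; spf=pass; dkim=pass; dmarc=pass",
  "mx.google.com; dkim=none; spf=softfail (transitioning) smtp.mailfrom=parcel-notice.example; dmarc=fail (p=NONE) header.from=parcel-notice.example",
];
const SAMPLE_FROM = '"support@fedex.com" <notify@parcel-notice.example>';
```

Pinning the authserv-id is what keeps the forged all-pass header in the sample from masking the real `dmarc=fail` verdict.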
Freight fraud has surged 400% since 2020. ScamCatchr is the only Gmail extension built specifically to catch the fraud patterns targeting carriers, brokers, and shippers.
Fraudulent re-brokering of loads without the original broker's knowledge
Scammers clone a legitimate carrier's MC number and FMCSA profile
Fake load postings that collect deposits or personal info, then vanish
Fraudulent "updated banking details" emails intercepting legitimate payments
Fake factoring companies that collect invoice payments and disappear
Shell companies that cycle through MC numbers to hide a fraud history
From parcel delivery phishing to IRS impersonation — ScamCatchr covers the full spectrum.
FedEx / UPS / USPS / DHL / Amazon impersonation with urgency-driven package hold language
"Pay €2.99 to release your parcel" — legitimate couriers never collect customs fees by email
Fake tracking pages that harvest credentials or redirect to malware downloads
Fake Maersk, MSC, CMA CGM, Hapag-Lloyd, or CH Robinson booking confirmations
Invoice or wire-transfer scam piggybacking on an existing shipping relationship
Re-brokering without shipper or carrier consent — often paired with identity theft
Cloned FMCSA profiles used to impersonate legitimate carriers and steal loads
Non-existent loads posted to harvest personal or banking information
Mid-transit instructions to redirect a load — often preceded by email compromise
Fake "banking details changed" notice timed to intercept a scheduled payment
Shell factoring companies that collect payments on legitimate invoices and disappear
Carriers that cycle through authority numbers to hide prior fraud or safety violations
Any sender domain flagged by you or the ScamCatchr community in a prior session
ScamCatchr is built on a minimal-data principle. We only ever see what's needed to detect a scam.
ScamCatchr only reads the From and Authentication-Results headers. Your message content is never accessed, stored, or transmitted.
We request gmail.readonly — the narrowest possible Gmail permission. You can revoke it any time from Google Account settings.
Phishing reports store only the sender domain (not the full address), subject, scam type, and risk level. Your email is never included.
Your Gmail address is only stored if you subscribe to the weekly digest — and you can unsubscribe from any digest email or directly from the popup.
All locally stored reports and tokens can be cleared from chrome://extensions → ScamCatchr → Clear data.
Read our Terms of Service and Privacy Policy for every field we store and why. No legalese — plain English.
Install ScamCatchr in seconds. No account required to start scanning — just add the extension and open Gmail.