The scam usually starts the same way: a too-casual DM, a look-alike “support” handle, a fresh domain that feels almost right.
After watching the rise of these patterns across social apps Instagram DMs in particular turning into fertile ground for fake supports scams, giveaways and investment scams, David Ukap decided awareness posts weren’t enough.
People needed protection inside the conversation, at the exact moment a risky link, wallet or QR appears.
OpenScamShield is his answer: a free, privacy-first bot that lives in Telegram chats and acts before the damage is done.
Built for the moment of risk
Rather than lecturing after the fact, OpenScamShield makes a call in seconds. Add it as an admin and it scans every new post in real time. High-risk content—brand-spoofed links, wallet drops, QR drainers, OTP/seed-phrase requests is removed or gated with a clear, human explanation of why it was flagged.
Moderators get one-tap actions (Allow, Delete & Mute, Ban & Report), and newcomers see simple rules the first time they try to post a link.
For everyday users, there’s no new app to learn. Type @OpenScamShield in any chat for an instant verdict, or forward a suspicious message/screenshot to the bot in DM. Under the hood, it blends reputation signals with explainable heuristics WHOIS age, look-alike domains, off-platform payment cues, wallet formats, OTP phrasing plus OCR/QR decoding for image-based lures. Lightweight ML helps with tone and pattern, but the system always shows its working.
“Safety has to be fast, clear, and fair,” says Ukap. “If we can block the con and teach the pattern in the same breath, we change behaviour not just outcomes.”
Adoption that signals fit
Since a quiet soft launch, OpenScamShield has been installed by hundreds of community admins across marketplace, crypto and classifieds groups.
Users have already run tens of thousands of inline checks—the easiest way to sanity-check a link mid-conversation.
The project shipped multi-language support from day one (including Arabic and Hindi), with community contributions expanding coverage.
Early pilots with an exchange and a domain registrar are underway to accelerate wallet and domain actioning.
Privacy that earns trust
OpenScamShield cannot read private chats it isn’t part of. It only processes DMs sent to it and messages in groups/channels where it’s been added.
Data is minimal and short-lived by default, and anyone can purge their DM history with /forgetme. Regular transparency notes will cover accuracy, appeals and partner takedowns.
Where it’s going next
A Mini-App Safety Panel is in the works for configurable rules and quick micro-lessons, alongside deeper localisation and streamlined partner escalations. The mission remains simple: stop the scam at first contact and help people recognise the pattern the next time it appears.
Try it:
Admins can add OpenScamShield as an admin (disable privacy mode) and run /rules to choose a policy pack. Anyone can type @OpenScamShield inline or forward suspicious content to the bot in direct message.
OpenScamShield is led by David Ukap, a cybersecurity professional focused on reducing cybercrime.