PhishingMirror

login
home page
home page 2
Teli AI Scam Protection
Teli AI Record Tracking
Teli AI Personlization Settings
SMS Scam Security
Testing Email Scam Scanner
Email Scam Scanner 2
Email Scam Scanner 3

Inspiration

Phone-based scams and social-engineering attacks keep slipping through traditional spam filters. Apple’s call screening helps reduce noise, but it doesn’t verify trust—it only asks for intent. Caller ID spoofing, vishing, and “urgent” requests like payments, account resets, and bank detail changes still succeed because the phone call itself is treated like a trusted channel. PhishingMirror was inspired by that gap: voice calls are now a security surface, and they deserve the same trust controls we expect for email, banking, and account security.

What it does

PhishingMirror is an AI-powered call screening and verification system that acts as a trust gateway for incoming calls. When an unknown caller reaches the number, an AI voice agent asks structured questions to capture intent and context, then evaluates the conversation for social-engineering risk signals such as urgency, authority impersonation, coercive language, and sensitive requests. If the request is high-risk, PhishingMirror initiates out-of-band verification using steps like SMS codes, callback-to-known-number workflows, or DTMF challenges before allowing any action to proceed. Based on risk and verification outcome, it safely routes the interaction by blocking, holding for verification, transferring, or sending to voicemail, while maintaining an audit trail containing the transcript, a risk score, key extracted entities (names, amounts, requested actions), and a short explanation of the decision. The goal is not just “why are you calling?” but “who is calling, and is this request safe?”

How we built it

We built PhishingMirror around an agent-based voice architecture. A voice AI agent handles inbound calls, follows a strict policy boundary, and collects structured information. A risk analysis layer combines deterministic checks with AI-based classification to score the likelihood of a scam or coercive attempt. When risk crosses a threshold, a verification layer triggers step-up checks such as SMS/DTMF/callback flows. A backend service records outcomes, transcripts, verification results, and decision rationales, and a simple dashboard surfaces call history with evidence so users can quickly understand what happened and why.

Challenges we ran into

The hardest part was designing verification that is secure but not annoying for legitimate callers, especially under the reality that caller ID cannot be trusted and verification must be out-of-band. We also had to prevent the AI from becoming either overly permissive (false negatives) or overly strict (false positives), and we learned that “security” isn’t convincing unless decisions are explainable in plain language. Finally, we had to keep the prototype narrow enough to demo smoothly while still feeling like a real product someone would deploy.

Accomplishments that we're proud of

We delivered a working prototype that performs real-time screening, verification, and routing in a single flow, and we made outcomes explainable rather than relying on black-box “spam” labels. We implemented a usable audit trail with transcripts and verification evidence, and we kept the design modular so screening, verification, and decisioning can evolve independently. Most importantly, we shaped the experience to feel immediately practical—something a user could adopt to reduce risk without changing their entire workflow.

What we learned

We learned that voice threats are not just spam—they’re trust attacks built on social engineering. Small, correctly placed friction dramatically reduces successful scams, but the friction must be applied only when risk is high and it must be understandable to the user. We also learned that “secure” needs process controls, not just detection, and that agent-based systems are strongest when responsibilities are clearly separated between intake, risk assessment, verification, and routing.

What's next for PhishingMirror

Next we want to broaden coverage for vishing patterns and scam playbooks, strengthen step-up verification for high-risk intents, and add known-contact validation and optional passphrases for repeat interactions. We also plan to integrate with ticketing/CRM and security workflows for business deployments, improve analytics with trend reporting and adaptive policy tuning, and ship a more polished dashboard that produces compact evidence summaries and exportable reports.