Machine Learning and Scam Detection: The Future of Online Safety

ML to blocklists: the next five years of the arms race between fraud and detection and what the arms race really looks like. A text file was the most dominant method of detecting an online scam in 2003. The state of the art was blocklists: lists of known-bad domains, IP addresses, and email senders. Teams of human analysts regularly updated them on a weekly basis, and they were sent to email clients and browsers and were reasonably effective against an opponent who was slow and at a modest scale. It is now twenty-two years later; the arch-rival registers ten thousand domains every day, writes customized phishing messages on-the-fly with fine-tuned LLMs, tours their attacks through legal CDN networks, and pre-tests their campaigns against detection systems before deploying them. But the text file remains technically alive a mere seven layers deep within one of the neural ensembles that processes four hundred features in less than a second. The tale of machine learning revolutionizing sc