-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathemailScanner.js
More file actions
42 lines (36 loc) · 1.37 KB
/
emailScanner.js
File metadata and controls
42 lines (36 loc) · 1.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
// emailScanner.js
/**
* Scans email text for phishing indicators.
* @param {string} text - Email body text.
* @returns {boolean} - True if phishing indicators are found.
*/
function scanEmail(text) {
// Normalize text to lowercase for case-insensitive checks
const normalizedText = text.toLowerCase();
// Common phishing keywords
const phishingKeywords = [
"password", "verify", "account", "urgent", "suspended",
"login", "security", "click here", "confirm", "immediately"
];
// Check for phishing keywords
const hasPhishingKeyword = phishingKeywords.some(keyword =>
normalizedText.includes(keyword)
);
// Check for suspicious links (non-HTTPS or mismatched domains)
const suspiciousLinkRegex = /http:\/\/[^\s]+|https:\/\/[^\s]+/g;
const links = normalizedText.match(suspiciousLinkRegex) || [];
const hasSuspiciousLink = links.some(link => {
try {
const url = new URL(link);
const isTrustedDomain = url.hostname.endsWith('trusted-domain.com'); // Replace with your trusted domains
return !isTrustedDomain && !url.protocol.startsWith('https');
} catch {
return true; // Invalid URLs are flagged
}
});
return hasPhishingKeyword || hasSuspiciousLink;
}
// Export for testing (optional)
if (typeof module !== 'undefined' && module.exports) {
module.exports = { scanEmail };
}