ScamShield
Anti‑Scam Defense Course

Turn everyday people into scam‑spotting experts.

Simple, calm, step‑by‑step lessons that teach you how to recognize, avoid, and respond to modern scams— especially those targeting older adults.

One‑time $4.99 • Lifetime updates Built for seniors: large text, clear language Covers phone, text, email, online, romance & more
$4.99one‑time access
Includes all modules, tools, and future scam pattern updates. No subscriptions. No ads. No tracking.
No technical skills required Learn at your own pace Designed with families in mind

Quick Preview

Jump straight into the most-used sections of ScamShield:

Course Modules

Explore 12 practical lessons with red flags, safe-response steps, and completion tracking.

 Live Scam Intel

Launch trusted scam trackers and build targeted search packs by location, type, and keyword.

 Certification

Complete all modules and download your ScamShield completion certificate with learner name.

Secure Course Access — One Time Payment

ScamShield is fully gated behind a one-time $4.99 payment processed by PayPal to BarbrickDesign@gmail.com.

After payment, a one-time ScamShield access code is sent to your email from the PayPal webhook. Verify it once below to unlock and sync your email for future course access.

  • Amount: $4.99 USD
  • Recipient: BarbrickDesign@gmail.com
  • Unlock includes full course, tools, and final downloadable certificate

This course was developed by a certified SecDev Professional who has held an active security certification since October 2015 — maintained and ongoing. The author, Ryan Barbrick, has been studying and practicing Computer Science and Programming since 2008, bringing over 16 years of hands-on expertise in software development and cybersecurity to every module in this course. View security certification (PDF)

Complete secure PayPal checkout below to start access verification:
Course is currently locked.

Course Modules

12 short, focused modules. Tap a module to open it. Each one explains the scam type, the red flags, and what to do if it happens to you.

Plain language Real‑world examples Red‑flag checklists Printable summaries

What you’ll learn:

  • Why scammers target older adults and families.
  • The “Urgency + Fear + Reward” formula used in almost every scam.
  • Why smart, careful people still get tricked.
  • How scammers use fake dashboards and fake balances to create false trust.
  • The #1 safety rule: Slow is safe.

Emotional red flags

  • You feel rushed or panicked.
  • You feel guilty if you say “no”.
  • You feel like you must keep it secret.
  • You feel like you will “miss out” if you don’t act now.

Common phone scams:

  • “Grandparent emergency” (“Grandma, I’m in jail, don’t tell mom”).
  • Fake IRS / Social Security / Medicare calls.
  • “Your bank account is compromised” calls.
  • Tech support calls claiming your computer is infected.
  • AI‑cloned voices pretending to be your loved one.

Phone red flags:

  • They demand secrecy or say “don’t tell anyone”.
  • They ask for gift cards, wire transfers, or crypto.
  • They refuse to let you hang up and call back on the official number.
  • They threaten arrest, jail, or losing benefits if you don’t pay immediately.

Safe response steps

  • Hang up calmly. Do not argue.
  • Call the official number on the back of your card or from the agency’s website.
  • Talk to a trusted family member before sending any money.

Common text scams:

  • “Your package is on hold, click here to reschedule.”
  • “Unusual bank activity, verify now.”
  • Remote-work “task” scams that ask you to text, complete fake jobs, then send crypto to “unlock payouts.”
  • Fake unpaid speeding-ticket or toll texts with urgent payment links.
  • “Oops, wrong number” messages that turn into romance or investment talk.

Text red flags:

  • Links that look shortened (bit.ly, tinyurl, etc.).
  • Spelling mistakes or strange wording.
  • Unknown numbers asking for personal information.
  • Messages claiming “account balance” growth if you keep sending money.
  • Messages that say you must act “right now”.

Safe response steps

  • Do not tap links in unexpected texts.
  • Log in to your bank or delivery account using your usual app or website.
  • Delete the message or mark it as spam.

Common email scams:

  • Fake PayPal, Amazon, or Apple receipts you never made.
  • “Your account will be closed, click here to keep it.”
  • Attachments claiming to be invoices or shipping labels.
  • Emails pretending to be from your boss or family asking for money.

Email red flags:

  • The sender address is slightly wrong (like “amaz0n.com”).
  • They ask you to “verify your password” or enter card details.
  • Unexpected attachments, especially .zip or .exe files.
  • Threats or countdown timers in the message.

Safe response steps

  • Do not click links in suspicious emails.
  • Go directly to the company website or app you normally use.
  • Delete the email or mark it as phishing.

Common shopping scams:

  • Websites with very low prices and no real contact information.
  • Buyers who “accidentally” overpay and ask you to refund the difference.
  • Sellers who insist on unusual payment methods (gift cards, crypto, wire).
  • Fake shipping or courier services arranged by the scammer.

Shopping red flags:

  • No physical address or phone number on the website.
  • Only one way to pay, and it’s not a major card or trusted service.
  • Reviews that look copied, repeated, or too perfect.

Safe response steps

  • Use well‑known stores or payment platforms.
  • If a deal looks too good to be true, it usually is.
  • On marketplaces, meet in public places and avoid unusual payment methods.

Common social media scams:

  • Fake giveaways asking you to pay a “small fee” to claim a prize.
  • Accounts pretending to be your friend or relative asking for money.
  • Telegram groups or channels promising insider crypto/job profits with fake dashboards.
  • Posts claiming “I made a fortune with this crypto/investment, message me.”
  • Fake charity fundraisers after disasters.

Social red flags:

  • New accounts with few posts or followers.
  • Messages that move quickly to money or investments.
  • They avoid phone or video calls and keep everything in chat.

Safe response steps

  • Contact your friend through another method to confirm it’s really them.
  • Do not send money or crypto to people you only know online.
  • Check charities on official charity‑rating websites before donating.

Common banking scams:

  • Fake bank texts or calls about “suspicious activity”.
  • People asking you to move money “to keep it safe”.
  • Investment offers with guaranteed high returns.
  • Crypto platforms that only allow deposits, not withdrawals.

Money red flags:

  • “Guaranteed” profits or “no risk” investments.
  • Pressure to invest quickly before you can think or talk to family.
  • Requests to install remote‑access software to “help” you move money.

Safe response steps

  • Call your bank using the number on your card or statement.
  • Never move money because a stranger tells you to.
  • Discuss investments with a licensed advisor or trusted family member.

Common tech scams:

  • Pop‑ups saying “Your computer is infected, call this number now.”
  • People asking you to install remote‑control software.
  • Fake antivirus renewal emails or calls.
  • QR codes that lead to fake login pages.

Tech red flags:

  • Any pop‑up that includes a phone number to call.
  • Anyone who wants to control your device remotely.
  • Requests for your passwords or banking details “to fix the problem”.

Safe response steps

  • Close the pop‑up or restart the device.
  • Call a trusted local technician or family member, not the number on the screen.
  • Only install apps from official app stores.

Common romance scams:

  • People who quickly say they are “in love” but never meet in person.
  • “Military” or “overseas workers” who always have an excuse not to visit.
  • Relationships that slowly turn into investment or money requests.

Romance red flags:

  • They avoid video calls or always have camera problems.
  • They ask you to keep the relationship secret from family.
  • They ask for money for emergencies, tickets, or investments.

Safe response steps

  • Never send money to someone you have not met in person.
  • Talk openly with family or friends about online relationships.
  • If you feel embarrassed, remember: scammers are professionals. You are not alone.

Common in‑person scams:

  • Door‑to‑door “inspectors” or “contractors” who appear without an appointment.
  • People claiming to be from the utility company without proper ID.
  • High‑pressure home repair offers after storms.
  • Charity collectors who cannot provide proof of the organization.

In‑person red flags:

  • They refuse to show ID or rush you to sign papers.
  • They want to come inside your home when it is not necessary.
  • They demand cash up front.

Safe response steps

  • Do not open the door to unexpected visitors if you feel unsure.
  • Call the company using the number on your bill to confirm.
  • Get written estimates and check reviews before hiring anyone.

Key protections:

  • Use strong, unique passwords or a password manager.
  • Turn on two‑factor authentication (codes sent to your phone).
  • Freeze your credit if you are not applying for new loans.
  • Shred documents with your Social Security number or account numbers.

Your identity safety checklist

  • My main email and bank accounts have strong passwords.
  • I know how to recognize unexpected credit or loan notices.
  • I review my statements regularly for strange charges.

If you think you’re being scammed:

  • Stop all contact immediately.
  • Do not send more money, even to “fix” the situation.
  • Save screenshots, emails, and messages as evidence.

If you already sent money or information:

  • Contact your bank or card company right away.
  • Change passwords for any affected accounts.
  • Consider placing a fraud alert or credit freeze.

Official places to report and recover:

Emotional recovery

  • Remember: scammers are professionals. Falling for a scam does not mean you are foolish.
  • Talk with someone you trust about what happened.
  • Use this course to turn a painful experience into long‑term protection for you and your family.
`; } function sanitizeFilename(name) { let safeName = String(name || "").toLowerCase(); try { safeName = safeName .normalize("NFKD") .replace(/[^\p{L}\p{N}\-_]+/gu, "-") .replace(/-+/g, "-") .replace(/^-+|-+$/g, ""); } catch (error) { safeName = safeName.replace(/[^a-z0-9\-_]+/g, "-").replace(/-+/g, "-").replace(/^-+|-+$/g, ""); } return safeName; } function downloadCertificate() { const stats = getCompletionStats(); const access = getStoredAccess(); const learnerName = (learnerNameInput.value || "").trim(); if (!access || !stats.complete || !learnerName) { updateProgressUI(); return; } const issuedOn = new Date().toLocaleDateString(); const html = buildCertificateHtml(learnerName, issuedOn, access); const blob = new Blob([html], { type: "text/html;charset=utf-8" }); const url = URL.createObjectURL(blob); const safeName = sanitizeFilename(learnerName); const link = document.createElement("a"); link.href = url; link.download = `scamshield-certificate-${safeName || "learner"}.html`; document.body.appendChild(link); link.click(); link.remove(); URL.revokeObjectURL(url); certificateStatus.textContent = "Certificate downloaded successfully."; } function attachUnlockHandlers() { unlockButton.addEventListener("click", () => { const target = document.getElementById("paywallSection"); target.scrollIntoView({ behavior: "smooth", block: "start" }); }); } function attachAccessHandlers() { verifyAccessCodeButton.addEventListener("click", verifyScamShieldAccess); accessCodeInput.addEventListener("keydown", (event) => { if (event.key === "Enter") { event.preventDefault(); verifyScamShieldAccess(); } }); payerEmailInput.addEventListener("blur", () => { const learnerEmail = normalizeEmail(payerEmailInput.value); if (learnerEmail) { rememberLearnerEmail(learnerEmail); } }); } async function loadPayPalClientId() { const { response, payload } = await requestBackend("/api/paypal/client-id", {}, { timeoutMs: 8000, retryStatuses: [404, 502, 503, 504] }); if (!response.ok || !payload.success || !payload.clientId) { throw new Error( payload.error || "Checkout service is still starting up. Please try again in a moment." ); } return payload.clientId; } function loadPayPalSdk(clientId) { return new Promise((resolve, reject) => { if (window.paypal) { resolve(); return; } const script = document.createElement("script"); script.src = `https://www.paypal.com/sdk/js?client-id=${encodeURIComponent(clientId)}¤cy=USD&intent=capture`; script.onload = resolve; script.onerror = () => reject(new Error("PayPal SDK failed to load.")); document.head.appendChild(script); }); } async function createPayPalOrder() { const learnerEmail = getLearnerEmail(); if (!isValidEmail(learnerEmail)) { throw new Error("Enter a valid email address before checkout so we can send your one-time access code."); } rememberLearnerEmail(learnerEmail); const { response, payload } = await requestBackend("/api/paypal/create-order", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ amount: COURSE_PRICE_USD, currency: "USD", description: "ScamShield Anti-Scam Defense Course Access", custom_id: buildScamShieldCustomId(learnerEmail) }) }, { timeoutMs: 15000, retryStatuses: [404, 502, 503, 504] }); if (!response.ok || !payload.success || !payload.orderId) { throw new Error(payload.error || "Unable to create payment order."); } return payload.orderId; } async function capturePayPalOrder(orderId) { const { response, payload } = await requestBackend(`/api/paypal/capture-order/${encodeURIComponent(orderId)}`, { method: "POST", headers: { "Content-Type": "application/json" } }, { timeoutMs: 15000, retryStatuses: [404, 502, 503, 504] }); if (!response.ok || !payload.success) { throw new Error(payload.error || "Payment capture failed."); } const paidAmount = Number.parseFloat(payload.amount); const expectedAmount = Number.parseFloat(COURSE_PRICE_USD); if (!Number.isFinite(paidAmount) || Math.abs(paidAmount - expectedAmount) > 0.001) { throw new Error( "Payment verification failed: amount mismatch. Please contact support at BarbrickDesign@gmail.com with your transaction details." ); } return payload; } function saveVerifiedAccess(capturePayload, email) { const orderId = capturePayload.orderId || ""; const captureId = capturePayload.captureId || ""; const transactionId = captureId || orderId; const completionFromServer = Array.isArray(capturePayload.completionState) ? capturePayload.completionState.map((value) => Boolean(value)) : null; if (completionFromServer) { if (completionFromServer.length !== modules.length) { console.warn( `ScamShield completion length mismatch (server=${completionFromServer.length}, local=${modules.length}).` ); } completionState = Array(modules.length) .fill(false) .map((_, index) => Boolean(completionFromServer[index])); persistCompletionState(); } const accessRecord = { transactionId, orderId, captureId, unlockedAt: new Date().toISOString(), amount: COURSE_PRICE_USD, email: normalizeEmail(email || capturePayload.email || getLearnerEmail()), recipient: "BarbrickDesign@gmail.com", verification: capturePayload.verification || "server-paypal-capture" }; localStorage.setItem(ACCESS_STORAGE_KEY, JSON.stringify(accessRecord)); if (accessRecord.email) { rememberLearnerEmail(accessRecord.email); } } async function verifyScamShieldAccess(options = {}) { const learnerEmail = normalizeEmail(options.email || getLearnerEmail()); const accessCode = String( options.accessCode !== undefined ? options.accessCode : accessCodeInput.value || "" ) .trim() .toUpperCase(); const clearUrlParams = options.clearUrlParams !== false; if (!isValidEmail(learnerEmail)) { setPaywallStatus("Enter a valid email address to verify access.", "error"); return; } setPaywallStatus("Checking access with secure server verification…", ""); rememberLearnerEmail(learnerEmail); try { const { response, payload } = await requestBackend("/api/scamshield/access/verify", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ email: learnerEmail, accessCode: accessCode || undefined }) }, { timeoutMs: 12000 }); if (!response.ok || !payload.success || !payload.access) { throw new Error( payload.error || (payload.requiresCode ? "Enter the one-time code from your email to unlock." : "Unable to verify course access.") ); } saveVerifiedAccess(payload.access, learnerEmail); applyAccessUI(); updateProgressUI(); accessCodeInput.value = ""; setPaywallStatus( payload.restored ? "Course restored from your synced email. Welcome back." : "One-time code verified. Course unlocked and email synced for future access.", "success" ); if (clearUrlParams) { clearAccessParamsFromUrl(); } } catch (error) { setPaywallStatus( toUserFacingError("Access verification", error, "Access verification failed. Please try again."), "error" ); } } async function syncProgressToServer() { const access = getStoredAccess(); const learnerEmail = normalizeEmail(access?.email); if (!isValidEmail(learnerEmail)) { return; } try { await requestBackend("/api/scamshield/access/progress", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ email: learnerEmail, completionState }) }, { timeoutMs: 10000 }); } catch (error) { console.warn("Unable to sync ScamShield progress to server.", error); } } async function attemptAccessRestore() { const access = getStoredAccess(); if (access) { return; } const learnerEmail = getLearnerEmail(); if (!isValidEmail(learnerEmail)) { return; } try { const { response, payload } = await requestBackend("/api/scamshield/access/verify", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ email: learnerEmail }) }, { timeoutMs: 10000 }); if (response.ok && payload.success && payload.access) { saveVerifiedAccess(payload.access, learnerEmail); applyAccessUI(); updateProgressUI(); setPaywallStatus("Access restored from your synced ScamShield email.", "success"); } } catch (error) { console.warn("Unable to restore ScamShield access from server.", error); } } async function initializePayPalUnlock() { try { const clientId = await loadPayPalClientId(); await loadPayPalSdk(clientId); paypalButtonContainer.innerHTML = ""; window.paypal .Buttons({ style: { layout: "vertical", color: "blue", shape: "rect", label: "pay", height: 42 }, createOrder: async () => { setPaywallStatus("Creating secure payment order…", ""); return createPayPalOrder(); }, onApprove: async (data) => { setPaywallStatus("Payment approved. Verifying with server…", ""); const capturePayload = await capturePayPalOrder(data.orderID); updateProgressUI(); setPaywallStatus( `Payment confirmed (${capturePayload.captureId || capturePayload.orderId}). Check your email for the one-time access code, then verify it below.`, "success" ); }, onCancel: () => { setPaywallStatus("Payment cancelled. Course remains locked.", "error"); }, onError: (error) => { setPaywallStatus(`PayPal error: ${error?.message || "Unknown error."}`, "error"); } }) .render("#paypalButtonContainer"); } catch (error) { const checkoutUnavailableMessage = toUserFacingError( "Checkout service", error, "Checkout service is not ready yet. Please retry in a moment or contact BarbrickDesign@gmail.com." ); paypalButtonContainer.innerHTML = `
${checkoutUnavailableMessage}
`; setPaywallStatus( checkoutUnavailableMessage, "error" ); } } function attachCertificateHandlers() { learnerNameInput.addEventListener("input", updateProgressUI); downloadCertificateButton.addEventListener("click", downloadCertificate); } function attachModuleAccordion() { modules.forEach((module) => { const header = module.querySelector(".module-header"); if (!header) { return; } header.addEventListener("click", () => { const isOpen = module.classList.contains("open"); module.classList.toggle("open"); header.setAttribute("aria-expanded", String(!isOpen)); }); }); } function attachAnalyzer() { const input = document.getElementById("analyzerInput"); const button = document.getElementById("analyzerButton"); const output = document.getElementById("analyzerOutput"); const redFlagKeywords = [ "gift card", "gift cards", "wire transfer", "bitcoin", "crypto", "cryptocurrency", "urgent", "immediately", "right now", "act now", "do not tell", "keep this secret", "verification link", "verify your account", "suspended", "locked", "arrest", "warrant", "jail", "bank account", "social security", "ssn", "password", "remote access", "install this app", "send money", "transfer funds", "overpayment", "processing fee", "clearance fee", "telegram", "speeding ticket", "traffic ticket", "task scam", "remote work task", "liquidity", "training task" ]; function analyzeText(text) { const lower = text.toLowerCase(); const flags = redFlagKeywords.filter((keyword) => lower.includes(keyword)); const lines = []; if (!text.trim()) { lines.push("Paste a message above and tap “Analyze message”."); return lines.join("\n"); } lines.push("Quick analysis (for guidance only):"); lines.push(""); if (flags.length > 0) { lines.push("⚠️ Potential red flags found:"); flags.forEach((flag) => lines.push(` • "${flag}"`)); lines.push(""); lines.push("If this message is asking for money, personal details, or secrecy, treat it as unsafe."); } else { lines.push("✅ No obvious red-flag words detected."); lines.push("Still, ask yourself:"); lines.push(" • Am I being rushed?"); lines.push(" • Did they contact me first?"); lines.push(" • Are they asking for money or private information?"); } return lines.join("\n"); } button.addEventListener("click", () => { output.textContent = analyzeText(input.value || ""); }); } function attachLiveScamIntel() { const locationInput = document.getElementById("intelLocationInput"); const typeInput = document.getElementById("intelTypeInput"); const keywordInput = document.getElementById("intelKeywordInput"); const output = document.getElementById("intelSearchPackOutput"); const status = document.getElementById("intelStatusMessage"); const copyButton = document.getElementById("copyIntelSearchPackButton"); const openBbbTrackerButton = document.getElementById("openBbbTrackerButton"); const openAarpMapButton = document.getElementById("openAarpMapButton"); const openFtcScamsButton = document.getElementById("openFtcScamsButton"); const openReportFraudButton = document.getElementById("openReportFraudButton"); const openIc3Button = document.getElementById("openIc3Button"); const openCheckPhishButton = document.getElementById("openCheckPhishButton"); if ( !locationInput || !typeInput || !keywordInput || !output || !status || !copyButton || !openBbbTrackerButton || !openAarpMapButton || !openFtcScamsButton || !openReportFraudButton || !openIc3Button || !openCheckPhishButton ) { return; } if (locationInput.dataset.intelBound === "true") { return; } locationInput.dataset.intelBound = "true"; function getDisplayValue(value) { const cleaned = String(value || "").replace(/\s+/g, " ").trim(); return cleaned || "(not set)"; } function getSearchPack() { const location = getDisplayValue(locationInput.value); const scamType = getDisplayValue(typeInput.value); const keyword = getDisplayValue(keywordInput.value); return `Search pack: location=${location}, type=${scamType}, keyword=${keyword}.`; } function updateSearchPack() { output.textContent = getSearchPack(); } const allowedOfficialHosts = new Set([ "www.bbb.org", "www.aarp.org", "consumer.ftc.gov", "reportfraud.ftc.gov", "www.ic3.gov", "checkphish.ai", "www.fraud.org", "www.ftc.gov", "www.identitytheft.gov" ]); function openOfficial(url) { try { const parsedUrl = new URL(url); if (parsedUrl.protocol !== "https:" || !allowedOfficialHosts.has(parsedUrl.hostname)) { status.textContent = "Blocked an invalid resource link."; return; } status.textContent = "Opening official resource in a new tab."; window.open(parsedUrl.toString(), "_blank", "noopener,noreferrer"); } catch (error) { status.textContent = "Invalid resource link format."; } } async function copySearchPack() { const searchPack = getSearchPack(); const originalLabel = copyButton.textContent; try { if (navigator.clipboard && typeof navigator.clipboard.writeText === "function") { await navigator.clipboard.writeText(searchPack); output.textContent = searchPack; status.textContent = "Search pack copied to clipboard."; copyButton.textContent = "Copied!"; window.setTimeout(() => { copyButton.textContent = originalLabel; }, 1800); return; } } catch (error) { console.warn("Clipboard write failed. Falling back to manual copy.", error); if (error.name === "NotAllowedError") { status.textContent = "Clipboard permission denied. Enable clipboard permission in your browser, or copy manually with Ctrl+C (Cmd+C on Mac).";