Problem

Recently we are facing a new type of scam message pattern that uses pictures only. Looks for example like this:

The user posts a bunch of pictures and they contain the malicious scam instructions.

Approach

We want to extend our existing ScamBlocker (more specifically the ScamDetector) to detect and handle this new scam pattern.

Therefore, the proposal is to trigger on any message ticking the following:

• no text content, just attachments
• there are 3 or more picture attachments (end with .jpg or .png) and no other attachments
• these attachments are named with increasing digits (it would also be enough to check that all of them are single or two digits only, such as 17.jpg)

Details

Therefore, we should modify ScamDetector#isScam and add an overload taking Message, not just CharSequence. This new isScam method then first checks for this new threat with the attachments etc and then, if that is considered safe, calls the existing isScam(CharSequence) overload the way it is called today in ScamBlocker already.

// in ScamBlocker Message message = event.getMessage(); if (isSafe && scamDetector.isScam(message)) { isSafe = false; }

// in ScamDetector public boolean isScam(Message message) { // TODO check new attachment scam // and then, if that is considered safe, do this: String content = message.getContentDisplay(); return isScam(content); }

Additionally, this should be covered with unit tests. The existing ScamDetectorTest class can be expanded for that. Make use of a Message message = mock(Message.class) for that.