Researchers develop AI system to detect scam websites in search results


Scam websites tied to online shopping, pet sales, and other e-commerce schemes continue to cause millions in losses each year. Security tools can accurately detect fraudulent sites once they are found, but identifying new ones remains difficult.

To close that gap, researchers from Boston University created LOKI, a system that ranks search queries by how likely they are to reveal scams. Using a small seed set of 1,663 confirmed scam domains, LOKI discovered 52,493 previously unknown fraudulent websites and achieved a 20.58-fold improvement in detection across ten scam categories.

The core idea: Measuring toxicity

LOKI starts from a simple observation: some search phrases consistently bring up scam websites. When someone types "double my bitcoin quickly", the results often include fake investment pages. A safer phrase like "how to buy bitcoin securely" produces mostly legitimate guides. This difference can be measured.

The researchers call this measurement query toxicity: the share of scam websites among all results for a search term. If a query returns six scam sites out of twenty total, its toxicity is 0.3. The higher the value, the more likely that query is to lead a user into a fraudulent part of the web.

Toxicity links human language to the landscape of scams indexed by search engines. Measuring it requires knowing which results are scams, which is where LOKI’s classifier, the oracle, comes in. The oracle labels websites as fraudulent or legitimate using a broad set of domain and content features.
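The toxicity measurement described above, as an added example that is not from the LOKI paper or its released code: it scores each query's results with an oracle, ranks queries by toxicity, and reports scam domains not already in the seed set. The domains, the `ORACLE_VERDICTS` lookup standing in for the classifier, and the `budget` parameter are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data, not from the LOKI dataset; all domains are placeholders.
SEED_SCAMS = {"coin-doubler.example"}
ORACLE_VERDICTS = {"coin-doubler.example", "btc-multiply.example", "puppy-deals.example"}
SERPS = {
    "double my bitcoin quickly": [
        "https://www.coin-doubler.example/start",
        "https://btc-multiply.example/",
        "https://exchange-guide.example/faq",
        "https://news.example/crypto",
    ],
    "how to buy bitcoin securely": [
        "https://exchange-guide.example/buy",
        "https://news.example/wallets",
    ],
    "cheap puppies without verification": [
        "https://puppy-deals.example/sale",
        "https://shelter.example/adopt",
        "https://news.example/pets",
    ],
    "query with no results": [],
}

def domain_of(url):
    """Lower-cased host with a leading 'www.' removed."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def oracle(domain):
    """Hypothetical stand-in for the classifier: a lookup of constructed verdicts."""
    return domain in ORACLE_VERDICTS

def toxicity(urls, is_scam=oracle):
    """Share of scam results among all results for one query (0.0 if none)."""
    if not urls:
        return 0.0
    return sum(is_scam(domain_of(u)) for u in urls) / len(urls)

def rank_queries(serps, is_scam=oracle):
    """(toxicity, query) pairs, most toxic first."""
    return sorted(((toxicity(u, is_scam), q) for q, u in serps.items()), reverse=True)

def discover(serps, seed, budget, is_scam=oracle):
    """Spend `budget` queries on the most toxic ones; return scam domains not in the seed."""
    found = set()
    for _, q in rank_queries(serps, is_scam)[:budget]:
        found |= {d for d in map(domain_of, serps[q]) if is_scam(d)}
    return found - set(seed)
```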

Once toxicity scores are known for many example queries, the harder task begins: predicting toxicity for new search terms that have never been tested. Doing that by hand would mean issuing every possible query and labeling each site, which is not practical. LOKI replaces that effort with a machine learning model that learns the relationship between a query’s wording and its likelihood of producing scams.

Building the keyword universe

With a trusted classifier in place, the researchers turned to the language of scams. They collected about 1.5 million keyword suggestions using Google’s Ads Keyword Planner API, which lists search terms drawn from advertising data. For each known scam domain, the system requested related keywords.

This method produced realistic search queries based on user behavior. The team filtered out branded terms because they often return legitimate high-authority sites.

To study how search engines handle those keywords, they used the DataForSEO API to collect results from Google, Bing, Baidu, and Naver. These search engine result pages became the training data for the model’s learning process.

Why old methods fall short

Before developing their model, the team tested older keyword sampling techniques grouped by competition level, intent, and linguistic modifiers.

The results were inconsistent. Low-competition keywords and phrases with strong purchase intent showed slightly higher toxicity, but no method worked across scam categories. Modifiers that exposed cryptocurrency scams failed for pet or medical scams.

Manual keyword rules could not adapt to new scam types. The new approach was built to learn these patterns directly from data instead of relying on fixed lists.

How LOKI learns

The system predicts the toxicity of a search query without issuing that query in real time. To do this, it uses a method called Learning Under Privileged Information (LUPI).

In this setup, the model has extra context during training, such as snippets and descriptions returned by search engines, but in use it only sees the text of a query. That extra context is considered privileged because it helps the model learn the link between a query and the nature of its results.

The framework uses two components, a teacher and a student. The teacher sees both the search query and the related search results, learning how these features relate to toxicity. The student only sees the query text and learns to predict toxicity by imitating the teacher’s output.

Both components are based on DistilBERT, a transformer language model used for text understanding. The teacher trains first on pairs of queries and search results labeled with toxicity scores. The student then distills that knowledge, aligning its features and predictions with the teacher’s.

This setup allows the student to predict toxicity using only text input, avoiding the need for constant API queries that would slow discovery.
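The teacher/student data flow described above, as an added toy example that is not LOKI's code: bag-of-words linear regressors stand in for DistilBERT, and the student imitates only the teacher's predictions (no feature alignment). The training rows, the blend weight `alpha`, and all function names are assumptions made for illustration.

```python
# Constructed training rows: (query, privileged SERP snippet text, measured toxicity).
TRAIN = [
    ("double my bitcoin quickly", "guaranteed returns instant payout", 0.8),
    ("how to buy bitcoin securely", "regulated exchange guide", 0.0),
    ("cheap puppies without verification", "instant payout no paperwork", 0.7),
    ("adopt a puppy from a shelter", "local shelter adoption guide", 0.1),
]

def feats(text, prefix):
    """Sparse binary bag-of-words features, namespaced by input channel."""
    return {prefix + tok for tok in text.lower().split()}

def predict(w, x):
    return w.get("bias", 0.0) + sum(w.get(f, 0.0) for f in x)

def fit(samples, epochs=500, lr=0.05):
    """Least-squares linear regression trained by plain SGD from zero weights."""
    w = {}
    for _ in range(epochs):
        for x, y in samples:
            err = predict(w, x) - y
            for f in x | {"bias"}:
                w[f] = w.get(f, 0.0) - lr * err
    return w

def train_teacher(rows):
    # The teacher sees the query AND the privileged snippets.
    return fit([(feats(q, "q:") | feats(s, "s:"), y) for q, s, y in rows])

def train_student(rows, teacher, alpha=0.5):
    # The student sees the query only; its target blends the measured
    # label with the teacher's output (alpha is a hypothetical weight).
    samples = []
    for q, s, y in rows:
        soft = predict(teacher, feats(q, "q:") | feats(s, "s:"))
        samples.append((feats(q, "q:"), alpha * y + (1 - alpha) * soft))
    return fit(samples)

TEACHER = train_teacher(TRAIN)
STUDENT = train_student(TRAIN, TEACHER)

def student_toxicity(query):
    """Inference path: query text only, no search request; clamped to [0, 1]."""
    return min(1.0, max(0.0, predict(STUDENT, feats(query, "q:"))))
```

Only `student_toxicity` runs at inference time, which is why snippets never appear in its inputs.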

Testing and results

The team tested LOKI using a cross-validation setup that trained on four scam categories and tested on a fifth, forcing it to generalize to new types.

Compared to baseline models and keyword heuristics, LOKI consistently produced higher toxicity predictions and uncovered many more fraudulent sites. Both the teacher and student versions performed well; the student often approached the teacher’s accuracy without needing search result data at inference.

Performance was strong across categories, with particularly high gains in areas such as adult services and gambling, and steady results elsewhere.

Patterns in scam language

Beyond metrics, the research revealed patterns that cross categories. Queries with price cues or modifiers such as "cheap" or "without verification" appeared more toxic across scam types.

These phrases tap into the same triggers that scammers rely on, promising speed, savings, or certainty. Recognizing such linguistic signals helps explain why the model transfers well to new scam types.

The researchers have released their datasets and models publicly, allowing others to build on the work. In essence, LOKI teaches machines to think like fraud hunters who understand search behavior, automating a process that once relied on intuition and manual effort.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.