Do not rush to pay after a threat
Helps ordinary people assess suspicious threats and get urgent steps plus a saveable evidence package on their phone.
A mobile app called from the share menu for texts and emails, designed to help ordinary people quickly assess sudden extortion or threatening messages. After users share a message, image, or voice recording, the home screen labels whether it looks more like device ransomware, intimate-image extortion, fake kidnapping, or a mass scam, and lists the reasons. The app then provides actions ordered by the minute, such as contacting family to verify the claim, disconnecting a specific device, and preserving specific records. It saves all original content and action times as a local evidence package that users can give to a platform, company security staff, or the police. Instead of making users search a threatening phrase while panicking, it handles the actions they are most likely to get wrong first, then adds explanation.
Why now
A Google Trending Now snapshot for the US shows that searches for “ransom” had an approximate volume of 50,000+ over the past 168 hours, with an increase of about 500%. The trend ended on July 13, 2026, at 03:20 UTC, before the July 13, 2026, 09:46 UTC capture. The FBI had also confirmed in the Nancy Guthrie case that multiple ransom letters included both impersonation-based extortion and content that was still being investigated as potentially real. S1 The FBI advises people dealing with virtual kidnapping to contact relatives first and preserve screenshots, texts, and audio. CISA advises isolating affected devices first in ransomware cases and preserving evidence. Turning these branching actions into an immediate phone workflow could directly reduce the risk of reversing the response order while panicking. S2S3
Target user
Ordinary people who suddenly receive messages demanding ransom, threatening to expose private content, claiming that a family member was kidnapped, or saying that a device is locked. They open it before replying, paying, deleting the message, or restarting the device. It also serves children, partners, and coworkers who are asked to judge whether a message is real.
Minimal entry point
Start with Android: receive text or email content and screenshots through the Android Sharesheet, identify only four threat types, return three emergency steps, and export the original text, images, receipt time, and user action log as a local ZIP evidence package. Do not handle voice recordings or contact the police on the user’s behalf at first.
Punching above its weight
Publish indexable, anonymized case pages around threat phrases people search directly, such as “What should I do if someone says they kidnapped my family member?” and “What should I do if they threaten to share intimate photos unless I pay?” Each page gives only the verification order and an app sharing entry point, capturing the most urgent searches after an incident starts.
Competitors & gaps
- Norton Genie
- Norton Genie’s public description focuses on assessing whether texts, emails, websites, and videos involve scams, then giving general security advice; this idea would focus only on high-pressure situations involving extortion or personal threats, separate device ransomware, intimate-image extortion, fake kidnapping, and mass scams, and add ordered emergency actions plus a local evidence package. S4
How it makes money
Basic assessment is free; an annual subscription unlocks local history, encrypted evidence-package export, and family use across multiple devices.
The case against
The strongest case against this is that the cost of a misclassification is too high: labeling a real personal threat as a mass scam could cause the user to miss the time needed to report it or protect their family.