diff --git a/.arcunit b/.arcunit
new file mode 100644
--- /dev/null
+++ b/.arcunit
@@ -0,0 +1,8 @@
+{
+ "engines": {
+ "phutil": {
+ "type": "phutil",
+ "include": "(\\.php$)"
+ }
+ }
+}
diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -10,9 +10,11 @@
 '__library_version__' => 2,
 'class' => array(
 'SecureShieldsUpAction' => 'abuse/SecureSheldsUpAction.php',
+ 'SecureShieldsUpTestCase' => 'abuse/__tests__/SecureSheldsUpTestCase.php',
 ),
 'function' => array(),
 'xmap' => array(
 'SecureShieldsUpAction' => 'HeraldAction',
+ 'SecureShieldsUpTestCase' => 'PhabricatorTestCase',
 ),
 ));
diff --git a/src/abuse/SecureSheldsUpAction.php b/src/abuse/SecureSheldsUpAction.php
--- a/src/abuse/SecureSheldsUpAction.php
+++ b/src/abuse/SecureSheldsUpAction.php
@@ -108,15 +108,43 @@
 '8007909186',
 '800059007',
 '8008101018',
+ '8002044122',
+ '8007992667',
+ '8557092847',
 );
+ if (self::matchPhoneNumbers($numbers, $content)) {
+ return true;
+ }
+
+ return false;
+ }
+
+ public static function matchPhoneNumbers(array $numbers, $content) {
+ $swap = array(
+ 'o' => '0',
+ 'O' => '0',
+ '@' => '0',
+ '()' => '0',
+
+ 'i' => '1',
+ 'I' => '1',
+ '|' => '1',
+ 'l' => '1',
+ );
+
+ $content = str_replace(
+ array_keys($swap),
+ array_values($swap),
+ $content);
+
 foreach ($numbers as $number) {
 $regex = array();
 for ($ii = 0; $ii < strlen($number); $ii++) {
 $regex[] = $number[$ii];
 }
 // Reject all variants of the number with other random punctuation or
- // spaces betwee the digits.
+ // spaces between the digits.
 $regex = implode('[^\\d]{0,6}', $regex);
 $patterns[] = '/'.$regex.'/';
 }
@@ -130,7 +158,6 @@
 return false;
 }
-
 private function quarantineUser(PhabricatorUser $user) {
 // For now, just log the user out of all their sessions so it's not a big
 // deal if we hit a friendly user by accident. We could make this more
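Review bot: In `matchPhoneNumbers`, the look-alike swap rewrites the whole of `$content` before matching, so a separator that is itself a swapped character becomes a digit and the `[^\\d]{0,6}` gap can no longer span it. A listed number written with `|` between its digit groups matched before this change and is missed after it, and filler text containing `o`, `i` or `l` has the same effect. Keeping the raw text as a second candidate avoids the regression, e.g. `$candidates = array($content, str_replace(array_keys($swap), array_values($swap), $content));`, with the pattern loop run over each candidate. That loop and the rest of the function body lie outside this hunk, so where `$patterns` is initialised for the new static method cannot be confirmed from here.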
diff --git a/src/abuse/__tests__/SecureSheldsUpTestCase.php b/src/abuse/__tests__/SecureSheldsUpTestCase.php
new file mode 100644
--- /dev/null
+++ b/src/abuse/__tests__/SecureSheldsUpTestCase.php
@@ -0,0 +1,38 @@
+ true,
+ '1 (800) 204.4122' => true,
+ '80012044122' => false,
+
+ '8OO2o44I22' => true,
+
+ // Does not contain the number.
+ 'Pulse Rifle' => false,
+
+ // Currently, we give up after 6 characters without finding the next
+ // digit.
+ '800........204.4122' => false,
+
+ // We aren't wizards, but users aren't either.
+ 'eight hundred, then dial two zero 4, then 41 and finally twenty two'
+ => false,
+ );
+
+ foreach ($tests as $input => $expect) {
+ $actual = SecureShieldsUpAction::matchPhoneNumbers($numbers, $input);
+ $this->assertEqual(
+ $expect,
+ $actual,
+ pht('Detection of phone numbers in: %s', $input));
+ }
+ }
+
+}
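Review bot: The case table only exercises the `O`, `o` and `I` substitutions (`'8OO2o44I22'`); nothing covers `@`, `()`, `|`, `l` or `i`. There is also no case where a swapped character appears as a separator between digit groups. A constructed entry such as `'8@@2()44|22' => true,` would pin the remaining swaps. A second entry such as `'800|204|4122'` with its intended expectation would document whether a swapped character used as a separator should still be detected. The opening of the file, including the `$numbers` fixture, is not visible in this view, so these suggestions assume it lists `8002044122`.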