Inspiration

Phishing attacks are rampant. As more financial services move online, there are more opportunities for cyber-criminals to trick unsuspecting victims into handing over their personal information or completing an unintended purchase. Our team hopes to spread awareness of the rise of phishing attacks and protect users from such attacks through the convenience of a simple browser extension and a Telegram bot.

What it does

This project consists of two parts, a Chrome browser extension and a Telegram bot, with the following functionality:

Checks

There are three levels of checks performed.

  1. Checks whether the content of an <a> tag (if it is a URL) matches the href value.
  2. Calls a backend API hosted on GCP. The API verifies that the domain the user is trying to reach is not a known phishing domain. A cron job is scheduled to run every hour to update the database with new phishing links.
  3. The same backend API verifies that the URL either exactly matches a known good website, such as a bank, or has no similarity to any known good website. This prevents phishing in which the attacker mimics a trusted domain. This is done by matching the URL string against our database: URLs scoring THRESHOLD < URL < 1 are too similar to known domains and are therefore considered untrustworthy.
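The three checks above, as an added Python sketch that is not the project's own code. The similarity metric (difflib's ratio), the THRESHOLD value, the comparison of hostnames rather than full URL strings, and all sample domains are assumptions; the page does not state them.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed sample data; the page says the real lists live in Firestore.
KNOWN_GOOD = {"examplebank.com", "paypal.com"}
KNOWN_PHISHING = {"login-verify.example.net"}
THRESHOLD = 0.8  # assumed value, not taken from the page

# Heuristic for "the link text is itself a URL" (assumption).
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)


def hostname(url):
    """Lower-cased host of a URL, tolerating a missing scheme and a www. prefix."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def link_text_mismatch(text, href):
    """Check 1: link text that is a URL must name the same host as the href."""
    text = text.strip()
    return bool(URL_LIKE.fullmatch(text)) and hostname(text) != hostname(href)


def similarity(host):
    """Highest similarity score between host and any known good domain."""
    return max(SequenceMatcher(None, host, good).ratio() for good in KNOWN_GOOD)


def check_domain(url, threshold=THRESHOLD):
    """Checks 2 and 3: blocklist first, then exact match, then look-alike score."""
    host = hostname(url)
    if host in KNOWN_PHISHING:
        return "phishing"
    if host in KNOWN_GOOD:  # a score of exactly 1 means it is the real site
        return "trusted"
    # THRESHOLD < score < 1: close to a trusted domain without being it.
    return "lookalike" if similarity(host) > threshold else "unknown"


if __name__ == "__main__":
    for url in ("https://www.paypal.com/signin", "http://paypa1.com/login",
                "http://login-verify.example.net/a", "https://wikipedia.org"):
        print(url, "->", check_domain(url))
```

A plain edit-distance style ratio does not catch homoglyph (IDN) domains or a trusted name used as a subdomain of an unrelated host, so those cases need their own normalization before scoring.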

Reporting

The Telegram bot supports a URL reporting function, which submits the phishing URL to the backend. The backend in turn flags the domain as a possible phishing domain after investigation by the team.

How we built it

We built the extension with JavaScript. We wrote our API functions in Python and deployed them via Google Cloud Provider's (GCP) cloud functions. We built the Telegram bot with the python-telegram-bot library, which is a Python interface for the Telegram Bot API.

This is our hosting and infrastructure:

  • Telegram bot is hosted on Heroku
  • All backend APIs are hosted on GCP's Cloud Functions
  • Database is hosted on GCP's Firestore

Challenges we ran into

We ran into a few challenges in coming up with a suitable idea for our track, as this problem is not trivial. Thus it was hard to come up with a solution that has high impact but that we could develop relatively fast.

We also faced certain technical challenges around the security configurations of the Chromium engine, which made it quite hard for us to call our backend APIs.

Accomplishments that we're proud of

Within a day we discovered quite a bit about phishing techniques and managed to implement a solution that prevents most of the well-known phishing scams, while also ensuring that the tools we built are as user-friendly as possible, with a low barrier to entry.

What we learned

One of the huge learning points, other than the technical details and implementation of our tech stack, is working efficiently in a team with people of varying skillsets and expertise. Allocating tasks efficiently and taking full advantage of each member's skillset is extremely important, especially in a hackathon with a short time limit.

What's next for AntiFish

Our platform is built to be scalable and extensible, so we can incorporate more features such as anti-keylogging. In addition, with the inclusion of more user data and traffic, we might be able to use a machine learning model to predict that a website is a phishing site before it is even known to be one.
