CyberShield

Inspiration

Scams have evolved far beyond spam emails and obvious fake links. Modern phishing and fraud campaigns are emotionally intelligent, visually polished, and designed to manipulate human behavior in real time. We wanted to build something that does more than say, "this looks suspicious." The goal behind CyberShield was to create a system that understands why an attack is dangerous, what the attacker is trying to achieve, and when to intervene before damage happens.

The project was inspired by a simple observation: most people do not get hacked because they fail to understand technology. They get trapped because the attacker is better at creating urgency, fear, trust, or confusion. CyberShield was built to close that gap.

What it does

CyberShield is a real-time scam detection and intervention platform designed to protect users from phishing, impersonation, credential harvesting, financial fraud, and wallet-drain attacks.

It analyzes suspicious messages, URLs, and pages, then transforms that analysis into a structured threat casefile. Instead of stopping at detection, CyberShield also:

• reconstructs attacker intent
• predicts the likely next step in the attack
• maps psychological manipulation techniques such as urgency, fear, authority abuse, greed, trust hijack, and confusion
• generates an impact forecast and safe-response guidance
• intervenes through a browser extension before users submit sensitive information

The platform includes a Next.js web application, a FastAPI backend, and a Chrome extension for live page scanning and intervention.

How we built it

We built CyberShield as a multi-surface security product with three main parts:

1. FastAPI backend The backend handles the analysis pipeline, threat scoring, manipulation mapping, attack-path forecasting, casefile generation, and explanation logic. It also integrates with external threat intelligence and model-based classification.

2. Next.js frontend The frontend provides the main product experience:

   • landing page
   • analyzer
   • results console
   • campaign history view

We designed it to feel like a real cybersecurity platform rather than a simple demo dashboard.

1. Chrome extension The extension scans the active page, extracts behavioral and structural signals, highlights suspicious content, guards risky form submissions, and opens an intervention overlay when a dangerous flow is detected.

Technically, the system combines:

• model-driven content analysis
• URL and domain heuristics
• behavioral page signals
• rule-based scam pattern detection
• threat intelligence checks
• intervention logic in the browser

Challenges we ran into

One of the biggest challenges was moving beyond a basic classifier into something that felt truly original and product-grade. Detection alone was not enough. We had to rethink the project as a full scam intelligence and intervention system.

We also ran into several technical challenges:

• keeping the frontend, backend, and extension aligned as one product
• improving the design so it looked premium rather than dense or generic
• handling deployment issues on Vercel, especially backend runtime constraints and temporary filesystem behavior
• debugging stale Next.js cache behavior during rapid iteration
• tuning extension results so richer page-level scans were not overwritten by weaker URL-only scans
• calibrating scoring so realistic phishing pages were labeled consistently as high risk

Another major challenge was balancing strong intervention with usability. If we blocked too aggressively, the experience would feel broken. If we were too soft, the protection would not be meaningful.

Accomplishments that we're proud of

We are especially proud that CyberShield does not stop at detecting scams. It explains them.

Some of the strongest outcomes we achieved:

• turning suspicious input into a structured threat casefile
• adding a psychological manipulation map rather than only technical indicators
• forecasting attacker next steps and likely damage
• building a real-time browser intervention flow
• deploying the frontend and backend publicly
• turning the interface into a cohesive, premium cybersecurity experience
• creating a safe phishing simulation page for realistic testing of the extension

What makes CyberShield special is that it treats scams as coordinated human attacks, not just bad text.

What we learned

We learned that building effective security tools is as much about psychology and product design as it is about detection models.

A few big lessons stood out:

• users need explanation, not just alerts
• consistency across web, backend, and extension matters a lot for trust
• deployment realities can reshape architecture decisions quickly
• behavioral context can dramatically improve scam detection quality
• intervention design must be deliberate: strong enough to protect, but clear enough to keep users in control

We also learned how much polish matters. A good idea becomes much more convincing when the interface, workflow, and technical behavior all reinforce the same story.

What's next for CyberShield

Our next step is to push CyberShield from a strong deployed product into a more scalable security platform.

Planned next steps include:

• replacing temporary local history storage with a managed database
• improving campaign clustering and scam family mutation tracking
• expanding wallet and transaction-intent analysis
• adding stronger real-time protection for extension workflows
• building team/admin views for shared security monitoring
• improving evaluation and benchmarking with labeled scam datasets

The long-term vision for CyberShield is a system that does not just detect fraud after it appears, but actively learns how scam campaigns evolve and protects users before they fall for them.

Built With

• chromeextensionapis
• css
• fastapi
• html
• httpx
• huggingfaceinferenceapi
• javascript
• next.js
• openaiapi
• pydantic
• python
• react
• sqlite
• tailwindcss
• typescript
• urlhaus
• uvicorn
• vercel
• virustotalapi