While thinking about the "rugged" design for hackathons, we thought about the best way to educate users such that they'll be ready for future attacks, as preventive software, while effective, always has to meet challenges. Our solution to this was to train a different type of subject - the user - to identify potential scams if the software cannot. That way, the user could remember these threats and stay informed of potential phishing threats/attempts.
What it does
In the game, the user would have to drag-and-drop various email images into two buckets - one for Phishing, one for Legit - in a time limit. By default, the time limit would be 1 minute, there'd be 15 emails to sort through, and 5 of them would be phishing emails. By the time the game or time is up, the buckets would be emptied and the total amount correct/incorrect in each button would be tallied. Moreover, the TYPES of scams would be taken into account, such as whether or not the phishing attempt was whaling, or spear phishing, and those results would be displayed as well.
The app would have a database sorted into scam and legitimate emails, that would then have random images pulled from them for the game. Ideally, the database would be updated periodically as well.
How I built it
With a lot of help and guidance from Nitin(my teammate), I learnt ReactJS for this project - although I'd always wanted to learn React and tried a few sample projects, this was my first time truly making a web React app, and learning how to use Github in conjunction with it. We used React for both the main menu and the implementation of the game itself, which we'd use Drag and Drop for.
Challenges I ran into
One challenge that I ran into was using Bootstrap for buttons - as it was my first time using React for this type of app, I installed Bootstrap incorrectly and I couldn't make those buttons. My solution was just to opt for pure CSS and HTML and make those types of buttons instead with Nitin.
Accomplishments that I'm proud of
I got to start learning React in only 2 or 3 hours, despite missing team members. My only other team member, Nitin, was extremely invaluable in guiding me through the process without giving me the answers straight away. I got the chance to also implement the design of the software by using state machines to control the flow of the project.
What I learned
I learnt about how to handle conflicts in ideas during the software development process, such as missing team members or slight disagreements on components in the React app. For the former, I learnt how to learn the necessary frameworks quickly so that I could start on the project. For the latter, I learnt how to compromise, as well as adjust my own point of view to understand the other person(s).
What's next for Go Phish
I'm going to attempt full functionality of this app, as I believe it is something that will definitely help users well down the road into identifying potential threats. At the same time, I want to keep my mind open in case the direction of the project changes.