GoPhish

Inspiration

Phishing attacks are one of the most commonly used forms of cyberattacks. We have personally seen family members fall victim to these attacks, which made us realize how detrimental they can be—especially for businesses. If employees are not educated on these threats, they may unknowingly expose sensitive company information. Instead of simply telling employees what phishing is, we decided to put them through a simulation to expose them to real-world scenarios in a controlled environment. This hands-on approach ensures they can recognize and avoid phishing attacks effectively.

What it does

GoPhish is a phishing simulation application designed to:

  • Automate the process of sending random phishing emails to employees.
  • Track user interactions, such as when users click on malicious links.
  • Provide analytics on user engagement with phishing attempts.
  • Help businesses train employees by exposing them to realistic phishing scenarios.
  • Integrated AI Assistant Chatbot: The app includes an AI-powered chatbot designed to educate employees about cybersecurity. The chatbot provides real-time guidance, answers questions about phishing and security best practices, and helps users understand how to identify and avoid cyber threats.
  • Testing Feature: For testing purposes, phishing simulations are currently set to trigger at regular intervals, sending phishing emails automatically. This ensures that employees receive consistent exposure to cybersecurity risks and can improve their awareness over time.

How we built it

  • Frontend: Developed using Streamlit and Python for an interactive and user-friendly experience.
  • Backend: Built with Python for automation and phishing email distribution.
  • Integrated AI Assistant: AI-powered chatbot to educate employees on cybersecurity best practices and help them recognize phishing threats.
  • Email System: mail_service automation for sending simulated phishing emails.
  • Tracking Mechanism: Embedded tracking links to monitor when users engage with phishing emails.
  • Data Storage: MongoDB for logging phishing attempts and tracking analytics.
  • Security Measures: Implemented ethical safeguards with opt-in testing for businesses.

Challenges we ran into

  • Implementing a robust tracking mechanism for link clicks without violating privacy policies.
  • Developing an AI chatbot that provides effective cybersecurity education in an interactive and engaging manner.
  • Designing phishing templates that are realistic yet safe for training purposes.
  • Ensuring the system remains scalable and adaptable for different business needs.

Accomplishments we are proud of

  • Successfully integrating an AI assistant chatbot to educate employees about cybersecurity.
  • Automating the phishing simulation process with real-time tracking and analytics.
  • Developing an intuitive and user-friendly dashboard with Streamlit.
  • Creating a scalable and customizable phishing training tool for businesses.
  • Raising awareness about cybersecurity threats through interactive learning.

What we learned

  • The complexities of email security and how phishing emails bypass detection measures.
  • The importance of cybersecurity training and its role in reducing cyber threats.
  • How to leverage AI to enhance security awareness and phishing training.
  • Effective design strategies for realistic and safe phishing simulations.
  • Balancing automation with human-centered security education.

Future Plans for GoPhish

  • Advanced Analytics: Implement more detailed insights on phishing awareness trends and employee progress.
  • AI-Powered Phishing Detection: Enhance the chatbot to generate sophisticated phishing simulations and real-time security guidance.
  • Customization Features: Provide businesses with greater flexibility to tailor simulations to their specific industry and risks.
  • Integration with Enterprise Security: Support for integration with corporate security frameworks and Learning Management Systems (LMS).
  • Automated Reporting System: Generate detailed reports on employee performance and security awareness levels.
  • Expanded Chatbot Functionalities: Implement a more advanced AI-driven chatbot to offer interactive training modules, phishing awareness assessments, and real-time responses to cybersecurity questions.
  • Multi-Language Support: Expand accessibility for global businesses by incorporating multi-language capabilities.

Contributors

  • Tatenda Moyo
  • Khawulela Mpono
  • Sbonelo Dube
  • Manqoba Nkosi
  • Charlie Mashinini
  • Check Spam Mail!

Additional Acknowledgments

  • Inspired by real-world phishing incidents and the need for better cybersecurity training.
  • Thanks to the cybersecurity community for resources on phishing tactics and prevention.
  • Special thanks to open-source tools and frameworks that made this project possible.
