HookIT

The login page for the website
The components page showing the statistics

Inspiration

Phishing emails remain one of the most common and effective forms of cyberattack. Many attacks succeed not because systems are weak, but because the emails look convincing enough to trick people. During brainstorming, we realized that most email protection tools focus on filtering spam, but they rarely help users understand why an email might be dangerous. We wanted to build something that not only blocks phishing attempts but also explains them. That idea led us to create HookIT — a system that acts as a security checkpoint before emails reach your inbox.

What it does

HookIT is an AI-powered email phishing interception platform. Each user receives a unique proxy email address, and all incoming emails are first routed through HookIT before reaching their inbox. The system analyzes every email using three detection engines: URL scanning through the Google Safe Browsing API, email header authentication checks such as SPF and DKIM, and AI analysis powered by Claude to detect phishing language and impersonation attempts. Based on these checks, HookIT generates a phishing risk score. Safe emails are forwarded to the user, while suspicious or malicious emails are quarantined. Users can then log in to a dashboard to view detailed analysis results, including risk scores, malicious links, impersonated brands, and AI reasoning behind each verdict.

How we built it

We built HookIT as a full-stack system combining several technologies. The backend is built with Node.js and Express, which handles incoming email webhooks, phishing analysis, and forwarding logic. Mailgun is used to receive inbound emails and forward safe ones to users. Supabase powers authentication through Google OAuth and stores email analysis data in a Postgres database with row-level security. For the frontend, we created a React dashboard using Vite and Recharts to visualize email statistics and analysis results. The system integrates three analysis engines — URL scanning with Google Safe Browsing, header verification checks, and AI-based content analysis using Gemini. The platform is deployed using Railway for the backend and Vercel for the frontend.

Challenges we ran into

One of the biggest challenges was coordinating multiple systems in real time. Handling inbound email webhooks, running multiple analysis engines in parallel, and then routing the email correctly required careful orchestration. Integrating AI analysis in a way that produced structured, explainable results was also challenging. Another difficulty was designing a scoring system that balanced the outputs of different detection methods while still producing clear verdicts. Finally, making the dashboard responsive and meaningful with real-time updates required careful integration between the backend, Supabase database, and frontend components.

Accomplishments that we're proud of

We’re proud that HookIT works as a complete end-to-end system rather than just a concept. Emails can actually be intercepted, analyzed, scored, and either forwarded or quarantined automatically. The dashboard provides clear visual insights into phishing threats and explains the reasoning behind each detection. We’re also proud of successfully integrating multiple technologies — AI analysis, security APIs, email routing, and real-time dashboards — into a single cohesive platform within the limited time of a hackathon.

What we learned

Through building HookIT, we learned a lot about email security infrastructure and how phishing detection works in practice. We gained experience integrating third-party APIs such as Mailgun, Google Safe Browsing, and AI models into a single workflow. We also learned how important it is to design systems that not only detect threats but explain them clearly to users. On the frontend side, we improved our skills in building data dashboards and visualizing real-time analytics.

What's next for HookIT

Browser extension: A Chrome/Firefox extension that scans emails directly in Gmail/Outlook without requiring a proxy address, lowering the barrier to entry. ML model fine-tuning: Train a dedicated phishing detection model on our accumulated dataset to supplement or replace the Gemini API, reducing latency and cost.