Love, Phish

Scam your nan, lovingly. Love, Phish sends safe, AI-tailored fake phishing emails to your naive loved ones. If they click, they get a friendly lesson in spotting red flags instead of a stolen identity

Comment

Inspiration

Every time our parents, grandparents, or uncles encounter a sketchy link, we hold our breath. We realized that lectures don't work, and waiting for them to get hacked is a terrible strategy. We wanted to build a proactive defense mechanism. The philosophy was simple: phish your loved ones before the actual scammers do. We wanted to replace the shame of getting scammed with a safe, educational "gotcha" moment that the whole family group chat can laugh about (and learn from).

What it does

Love, Phish is an educational, zero-harm phishing simulator for your family.

  • Target Selection: You sign up your vulnerable relatives.
  • The Bait: Our AI generates highly personalized, hyper-realistic fake phishing emails tailored to their specific hobbies and soft spots (e.g., a fake Amazon delivery, a compromised Netflix account, or a too-good-to-be-true golf equipment sale).
  • The Catch & Release: If they click the link, no credentials are stolen and no malware is downloaded. Instead, they are redirected to a friendly, educational landing page pointing out the exact red flags they missed. You get a notification, and they get a masterclass in internet survival. ## How we built it We used Lovable to quickly piece together the frontend and get the logic working. To make the phishing emails actually believable, we tied in an LLM that generates custom copy tailored to each relative. When it came to sending the emails and seeing who clicked, we went with Resend as a temporary solution to not buying a domain. ## Challenges we ran into The hardest part of building a fake phishing platform is getting past actual security filters. We had to spend a lot of time tweaking our AI prompts to strike the perfect balance: the emails needed to be highly believable and pass through Gmail or Outlook's strict spam filters, but they still had to contain enough classic "red flags" (like fake sender addresses or artificial urgency) so that your relatives actually have something to spot and learn from. ## Accomplishments that we're proud of -Generating believable bait: The AI takes just a few details and writes emails that actually feel like real, targeted threats, rather than generic spam. -The safe catch: The landing page immediately de-escalates the situation. No data is stolen—it just clearly breaks down the red flags they overlooked. -Starting real conversations: It bridges the generational tech gap. When Grandpa clicks a bad link, you get notified, giving you the perfect opening to call him up, have a laugh about it, and actually walk him through what went wrong instead of just giving a boring lecture. ## What we learned Building Love, Phish on my own pushed me to learn completely new tools and concepts. I learned how to use Lovable to rapidly spin up a functional frontend, getting the core application running incredibly fast. On the logic side, I learned a lot about AI prompt engineering—specifically, how to instruct an LLM to generate phishing copy that strikes the perfect balance between believable and recognizable. I also gained a much deeper understanding of email infrastructure by integrating Resend, which taught me just how complex email deliverability and routing can be. ## What's next for Love, Phish
  • Custom Domain Integration: Setting up a dedicated domain to ensure our simulated emails reliably reach user inboxes without being flagged by standard spam filters.
  • Enhanced AI Generation: Refining the AI to produce even more realistic and nuanced emails for better training scenarios.
  • Adding SMS Support (Smishing): Expanding our tool to simulate fake text messages (like fake delivery notifications) to cover mobile-based scams.

Built With

Share this project:

Updates