Overview

Phish and Tell is a real-time phishing detection system designed to protect students from increasingly sophisticated email scams. Our project integrates a Chrome extension with a backend risk-analysis API to automatically evaluate suspicious links found in emails, specifically Gmail, and provide clear, concise explanations of potential threats. Instead of simply blocking content, Phish and Tell educates users by explaining why a link may be dangerous, helping them build digital security awareness while preventing immediate harm.

Our inspiration:

University students are frequent targets of phishing attacks, particularly through email systems such as Gmail. Messages impersonating universities, financial services or job opportunities often appear legitimate and exploit urgency or trust. Many existing spam filters either miss these threats or just silently remove them without teaching users how to recognize the scams themselves.

Our team was inspired by the growing number of campus-related phishing incidents affecting students, including fake internship opportunities and credential harvesting links disguised as official university communication. We wanted to create a tool that not only detects suspicious activity but also empowers users to understand online risks in real time, since we understand that most students usually skim over the university-mandated cybersecurity training. Rather than building another passive filtering system, we focused on the educational aspects, showing users exactly what signals indicate phishing behavior.

What the project does:

Phish and Tell analyzes links contained within emails and evaluates their risk level using multiple security indicators. When a potentially dangerous link is detected, the system provides a risk score, warning level and explanation directly to the user. The system has three main components:
- Chrome extension: the browser extension monitors email content and extracts links from messages viewed by the user. When a link is detected, the extension sends it to the backend analysis system for evaluation. Based on the response, the extension displays warnings or notifications inside the browser environment.
- Risk analysis engine: our custom risk-checking algorithm evaluates links using indicators commonly associated with phishing attacks, including:
  ● Use of URL shorteners that hide destinations
  ● Suspicious or deep subdomain structures
  ● Login or verification language on untrusted domains
  ● Redirect parameters that obscure final destinations
  ● Non-HTTPS or insecure connections
  ● Domains impersonating trusted institutions
  Each indicator contributes to a calculated risk score (0-100), which is categorized into low, medium or high threat levels. The system also generates human-readable explanations describing detected risks.
- Backend API integration: the backend serves as the communication bridge between the extension and the analysis engine. The extension sends detected links via API requests, and the backend returns structured risk results including score, severity level, and reasoning. The modular architecture allows future integration with additional detection models or external threat intelligence APIs.

How we built the project:

Development was done collaboratively, with each team member working on different parts of the project before combining everything together using GitHub.

We started by building the risk-analysis logic that evaluates whether a link might be suspicious. This part was written in JavaScript and focuses on checking common warning signs found in phishing links. Our goal was to make the results easy for users to understand, rather than relying on complex or unclear detection methods.

At the same time, we developed the backend API using Node.js and Express. This backend allows the Chrome extension to send links for analysis and receive results. Tools such as CORS and JSON parsing helped the extension and server communicate properly, while input validation ensured that requests were handled safely.

Next, we built the Chrome extension, which interacts directly with email webpages. The extension detects links within emails and sends them to the backend for analysis. Once a response is returned, the extension displays warnings and explanations to the user if suspicious activity is detected.

Finally, all parts of the project were combined through GitHub. Each team member worked on separate branches, which were later merged into one shared repository, allowing us to integrate the frontend, backend and risk detection system into a single working application.

Challenges and learning outcomes:

One of the primary challenges was integrating the components into a cohesive system.
Ensuring compatibility between the browser extension, backend API, and risk analysis engine required careful coordination of data formats and communication endpoints. It was a difficult process but we all learned a lot about full-stack system integration.
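
The indicator-based scoring described under the risk analysis engine can be sketched as follows; this is an added example, not the project's own code. The weights, the low/medium/high thresholds, the shortener list, the `university.example` trusted domain and the `analyzeLink` name are all assumptions made for illustration.

```javascript
// Added example. Weights, thresholds and the lists below are illustrative
// assumptions, not values from the Phish and Tell code base.
const SHORTENERS = new Set(["bit.ly", "tinyurl.com", "t.co"]);
const TRUSTED = ["university.example"]; // hypothetical institution domain
const BRANDS = TRUSTED.map((d) => d.split(".")[0]);
const LOGIN_WORDS = /login|signin|verify|password|account/i;
const REDIRECT_PARAMS = ["url", "redirect", "next", "target"];

const isTrusted = (host) =>
  TRUSTED.some((d) => host === d || host.endsWith("." + d));

// One rule per indicator: points, explanation shown to the user, predicate.
const RULES = [
  [30, "Link shortener hides the real destination",
    (u, host) => SHORTENERS.has(host)],
  [15, "Unusually deep subdomain structure",
    (u, host) => host.split(".").length > 4], // label count is an approximation
  [25, "Login or verification wording on an untrusted domain",
    (u, host) => !isTrusted(host) && LOGIN_WORDS.test(host + u.pathname)],
  [15, "Redirect parameter points to another site",
    (u) => REDIRECT_PARAMS.some((p) =>
      /^https?:\/\//i.test(u.searchParams.get(p) || ""))],
  [15, "Connection is not HTTPS",
    (u) => u.protocol === "http:"],
  [30, "Domain imitates a trusted institution",
    (u, host) => !isTrusted(host) && BRANDS.some((b) => host.includes(b))],
];

function analyzeLink(raw) {
  let u;
  try { u = new URL(String(raw)); } catch { u = null; }
  // Input validation: only absolute http(s) URLs are scored.
  if (!u || !/^https?:$/.test(u.protocol)) {
    return { score: null, level: "invalid", reasons: ["Not an http(s) URL"] };
  }
  const host = u.hostname.replace(/\.$/, ""); // drop a trailing root dot
  const hits = RULES.filter(([, , hit]) => hit(u, host));
  const score = Math.min(100, hits.reduce((sum, [pts]) => sum + pts, 0));
  const level = score >= 60 ? "high" : score >= 30 ? "medium" : "low";
  return { score, level, reasons: hits.map(([, why]) => why) };
}

// Constructed sample links.
for (const link of ["https://university.example/courses", "https://bit.ly/abc123"]) {
  console.log(link, analyzeLink(link));
}
```

Because the trusted-domain check matches the exact host or a dot-separated suffix, a lookalike such as `university.example.secure-login.account-verify.test` is scored as untrusted even though it begins with the trusted name.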