Phish-Hook

What inspired us

As CS students, AI and emerging tech are tools we work with every day. We understand how they work, what they’re capable of, and where they’re heading. But at some point, we had to consider the other side of that. The same voice generation, the same language models, the same automation we find exciting are actively being used against people who have no framework to recognize it. Older adults and vulnerable individuals aren’t just facing the old-school scams anymore. They’re up against synthetic voices, generated emails, and pressure tactics that even technically literate people find convincing. We decided to take everything we know. The AI tools, the engineering, and the understanding of how these systems work, and build something that puts that knowledge in the hands of the people who need it most.

What it does

Phish-Hook drops users into the scams before scammers do. Users work through a 5-level Concept Ladder, each level targeting a different manipulation layer. Emotional pressure, unusual payment requests, isolation tactics, verification resistance, and finally safe response habits. To get through each level, they have to actually recognize what's happening in real-time: inside, there are voice calls, inside a phishing email sitting in a fake inbox. The scenarios aren't static. Every voice call and phishing email is freshly generated — with different wording, different pressure tactics, and different pretexts — so users are training their pattern recognition, not memorizing a script.

How we built it

The core of Phish-Hook is its simulation. We used AI to generate the voice scam calls and phishing emails that power every quiz and scenario, making sure the material mirrors what real attacks actually look and sound like rather than sanitized textbook examples. On the technical side, we built the frontend with React.js and Next.js, and used MongoDB to handle user progress, scenario storage, and generated content. The database tracks what each user has encountered and where they’re struggling, so the experience adapts as they move through the concept levels.

Challenges we ran into

Most of our time wasn't spent building features.It was spent fighting the infrastructure to let us build them. Connecting the frontend and backend was a persistent battle of misconfigured endpoints, all sorts of git merge errors, and the classic localhost chaos that comes with juggling multiple local servers that refuse to cooperate with each other. What looked straightforward on paper turned into hours of debugging environment issues before we could test the actual product.

What we learned

That the gap between "it works on my machine" and "it actually works" is where most of your time goes. We came in focused on building and left with a much deeper appreciation for the unglamorous side of development. Beyond the technical headaches, we genuinely leveled up. Debugging under pressure, reading errors we'd never seen before, and figuring things out on the fly taught us more than any classroom setting could. We also learned how to actually collaborate as a team, dividing work, and making decisions fast when time is running out.