Inspiration

Phishing is an attack where a victim receives a malicious email, which seems legitimate. The email will contain links or attachments which may contain malware, aimed to harm the victim by collecting private information or destroying data.

Phishing attacks are still a major source of threats, as they result in yearly losses of £314 million for large enterprises. Individuals are affected as well, as these attacks compromise personal data and allow for attackers to steal passwords and usernames.

We were therefore inspired to develop an application which can provide a solution for this problem.

What it does

Our application is an entire toolkit against phishing and has several different features. We explain these below:

Information page

The application has a general information page, explaining what phishing is and what someone can do to prevent falling victim to these attacks.

Training

In the 'quiz' section, users are presented with emails and are asked to judge whether or not it is a phishing email. It keeps track of the answers and presents results in the 'statistics' section.

Statistics

This section shows the number of right and wrong answers given in the 'quiz' section. The user can then keep track if he/she is improving in detecting phishing emails.

Phishing mail scanner

This feature allows a user to take a photo an email and receive immediately feedback on whether or not it is a phishing email.

Phishing mail upload

In case a user receives a suspicious email or SMS on the phone, it is possible to take a screenshot of this message and upload it. Similar to the scanner, it will inform whether or not is a phishing email.

Login

For the app to keep track of individual statistics and records, there is a login function.

Tip of the day

Lastly, upon logging in, the user is presented with a tip of the day to prevent phishing. For example: 'When suddenly asked to make a payment for your employer/boss, verbally confirm with him/her.'

How we built it

The front end makes use of Ionic and Angular. Upon making a photo of an email, a base64 encoded version of the email sent to the backend. This backend, built with Django and Python, uses Optical Character Recognition (OCR) to extract the text from the photo.

Next, the words from the email are converted to high dimensional vectors (so that the computer can read it). These vectors are fed into a neural classifier, which makes use of 1 dimensional convolutions and recurrent memory units to remember temporal patterns. The classifier predicts whether the email is phishing or not. The model was tested on 1,115 emails and is 98% accurate. The output of the classifier is sent back to the user.

Challenges we ran into

We had difficulty finding a dataset of phishing emails. For security reasons these email are not quickly published. Shady datasets were often blocked by the anti-virus, since often these emails have malicious attachments.

We also took some time integrating the different components of the app.

Accomplishments that we're proud of

We built a complete app with a very advanced machine learning algorithm in the backend.

What we learned

Natural Language Processing, Ionic 2, NodeJS, and JavaScript

What's next for Phish 'n Chips

Keep hacking!

Built With

Share this project:
×

Updates