Hi, my name is Niko Dittmar and I am a junior at Bishop O'Dowd High School. This is my submission for the Stuyhacks XI Hackathon.


I got inspiration for this project while listening to the news about a person who lost 2.2 million dollars in a phishing scam. I thought it was insane for that person to have lost that much money, as before, I always thought that phishing scams were just these annoying, but harmless, emails that I occasionally got in my inbox. After doing research into the topic, I realized just how big of a problem phishing is. Over the past five years, phishing has cost companies in the U.S. 12 billion dollars. I also found that one of the main reasons phishing attacks can be successful is because of lack of knowledge on how to identify and avoid fraudulent emails. These factors inspired me to create Phisherman, a tool that can be used to spread awareness and educate people about the dangers of Phishing.

What it does

Phisherman sends fake phishing emails to a list of people which can be anyone from your employees to your friends to your family or really anyone else you want to teach about Phishing. These emails look just like a real phishing email, however, instead of stealing all of your personal information, if you fall for these emails, they will send you to a page that teaches you what phishing is and how to avoid it. The idea is that no matter what, there will always be a handful people who will fall for Phishing scams sooner or later. However, instead of letting these people learn the hard way by falling for one of these scams and potentially loosing lots of money, they will hopefully fall for a Phisherman dummy phishing email and get sent to a page where they can learn how to avoid phishing without having to loose anything. Phisherman is also more efficient than simply teaching everyone what phishing is because there are plenty of people who already know what phishing is and who will never fall for a phishing scam. Teaching these people about phishing is a waste of time. The philosophy behind Phisherman is to teach only the people that need to be taught.

How we built it

This project was built using html, css, javascript, and node.js. I also used the nodemailer node module to implement the email functionality.

Challenges we ran into

A big challenge I ran into with making this app was my unfamiliarity with Node.js. Before this hackathon, I had no clue how to use Node.js as I had never used it in a project before. In order to make the deadline for the hackathon submission, I only had a couple hours to learn the fundamentals of working with node. Learning Node.js and then applying it to my project in such a short period of time proved to be a difficult, albeit fun, process.

Accomplishments that we're proud of

I am proud of my project as a whole. I am still fairly new to hackathons and this hackathon especially is going to be the shortest one I've ever done. I still cannot wrap my head around the fact that I created an app in pretty much one day. I am also proud of all the things I learned throughout the process. Not only did I learn Node.js from scratch, I also furthered my understanding of Html, Css, and Javascript considerably.

What we learned

I learned a lot during this hackathon. Not only did I get to learn Node.js from scratch, I also got to work on my Html, Css, and Javascript skills.

What's next for Phisherman - Phishing Awareness and Education Tool.

Currently, Phisherman only has one fake phishing email. The goal for the future of the app is to add a larger variety dummy emails. More email templates will help with getting more people to click on the email and to learn about phishing. For example, the current email is based around Bank of America, however, not everyone has an account with Bank of America so they are less likely to click on it. Also, only sending the email once may not be the best as people can potentially miss out on seeing the email altogether. A potential feature is to add the ability for the app to send emails on a semi-regular basis over a certain period of time. This will ensure that everyone has the chance to actually see the dummy email in case some of the other fake phishing emails get buried under a person's normal emails.

Share this project: