PhishFinder

• 

  Homepage

• 

  Dashboard

• 

  Training

Inspiration

The inspiration for PhishFinder stemmed from the ever-increasing threat of phishing and online scams. We noticed that while many people are aware of these dangers, traditional security training can often be dry, forgettable, and fails to engage users effectively. We saw a need for a more interactive and enjoyable way to educate people about identifying and avoiding these malicious attempts. The idea was to transform a typically mundane but critical learning process into a gamified experience that empowers users to become proactive defenders of their own digital lives.

What it does

PhishFinder is an interactive web platform designed to train users to recognize and respond to phishing and other online scams. It achieves this through a series of engaging features: Realistic Phishing Simulations: Users are presented with simulated phishing emails, text messages, and social media posts that mimic real-world scam tactics. Gamified Learning: For every correct identification of a scam and for completing learning modules, users earn points, unlock achievements, and collect badges. Leaderboards: A global and friends-based leaderboard adds a competitive element, encouraging users to improve their scam-spotting skills. In-depth Educational Content: After each question, users receive detailed explanations of the tell-tale signs of a scam, helping them to learn from their mistakes in a safe environment. Personalized Progress Tracking: A user dashboard allows individuals to track their performance, view their badge collection, and identify areas where they may need more training.

How we built it

PhishFinder is built on a modern and robust technology stack: Frontend: The user interface was developed using React, a popular JavaScript library for building dynamic and responsive user interfaces. We utilized Material-UI for a clean and intuitive design. Backend: The server-side logic is powered by Node.js and the Express framework, providing a fast and scalable foundation. Database: We use PostgreSQL to store user data, achievements, and the extensive question bank of phishing simulations. Gamification Engine: A custom-built gamification engine handles the logic for scoring, badges, and leaderboards to create a compelling user experience. Deployment: The application is containerized using Docker and deployed on a cloud platform for high availability and scalability.

Challenges we ran into

Throughout the development of PhishFinder, we encountered several challenges: Creating Realistic Simulations: It was a significant challenge to create phishing simulations that were realistic enough to be educational, yet not so convincing as to cause alarm or be mistaken for genuine threats. Balancing Gamification: Designing a gamification system that was motivating without being overly competitive or distracting from the core learning objectives required careful planning and iteration. Content Generation: Developing a large and diverse question bank of high-quality, up-to-date phishing examples was a time-consuming process that required extensive research into current scam trends. User Engagement: Keeping users engaged over the long term is a continuous challenge. We are constantly exploring new features and content to ensure the platform remains fresh and relevant.

Accomplishments that we're proud of

We are incredibly proud of several key accomplishments with PhishFinder: A Truly Engaging Learning Experience: We've successfully created a platform that users genuinely enjoy interacting with, turning a passive learning experience into an active and fun challenge. Positive User Feedback: The positive feedback from our initial user base has been overwhelming, with many reporting a tangible increase in their confidence in spotting real-world phishing attempts. A Comprehensive and Evolving Curriculum: We have built a robust and varied curriculum of phishing examples that we are continually updating to reflect the latest scamming techniques.

What we learned

This project has been a significant learning experience for the entire team. On a technical level, we have deepened our expertise in our chosen tech stack. More importantly, we have gained invaluable insights into user psychology and the principles of effective educational design. We've learned that by making learning enjoyable and rewarding, we can empower individuals to protect themselves from online threats more effectively than through traditional training methods alone.

What's next for PhishFinder

We have an exciting roadmap for the future of PhishFinder, with several new features and expansions planned: Advanced Training Modules: We plan to introduce new modules covering more advanced topics such as voice phishing (vishing), SMS phishing (smishing), and business email compromise (BEC). Team and Organizational Features: We will be rolling out features for businesses and organizations to train their employees, including team-based leaderboards and administrative dashboards to track overall progress. Mobile Application: To make learning even more accessible, we will be developing native mobile applications for both iOS and Android platforms. AI-Powered Simulations: We are exploring the use of artificial intelligence to generate dynamic and personalized phishing simulations that adapt to each user's learning progress and susceptibility. Community Hub: We aim to build a community forum where users can share their experiences, discuss new scam trends, and help each other stay informed and secure.

Built With

• next.js