PhishingPhindr

Inspiration

Phishing is one of the most common and dangerous online threats, but many people still struggle to tell whether an email is actually malicious. I wanted to build a tool that does more than just label something as safe or unsafe. My goal was to create a phishing detection platform that looks polished, feels real, and helps users understand why an email is suspicious.

What it does

PhishGuard AI is a phishing detection platform that helps users determine whether an email is safe or malicious. Users can paste suspicious email content into the app, and the system analyzes it for common phishing indicators such as fake links, urgency tactics, impersonation, and requests for sensitive information. The AI then provides a clear risk verdict along with a detailed explanation of why the email may be dangerous. Instead of just labeling something as phishing, it breaks down the warning signs so users can understand the reasoning behind the decision. The platform also includes secure user accounts, allowing users to log in, manage their sessions, and use the tool in a reliable environment. Overall, the goal is to make phishing detection simple, fast, and easy to understand for everyday users.

What I built

We built PhishGuard AI, a phishing detection chatbot and workspace that analyzes suspicious emails and gives users a clear explanation of the warning signs. The platform highlights signals like urgency language, brand mismatch, credential requests, and suspicious domains, then combines them into a readable risk score and verdict. I also focused on making the overall experience feel production ready, with secure authentication flows, email verification, password reset support, and protected sessions.

How I built it

The app was built as a modern web application with a strong focus on both security and usability. It uses a Next.js app architecture and a PostgreSQL backed data model, and it is deployed on Vercel for fast and clean hosting. I also added an AI explanation layer so the system does not just detect phishing attempts, but explains its reasoning in plain English for the user.

Challenges I faced

One of the biggest challenges was balancing technical accuracy with user experience. A phishing detector is only helpful if the results are easy to understand, so I had to think carefully about how to present risk signals in a way that felt simple and trustworthy. Another challenge was building a secure authentication system with email verification, password recovery, duplicate email protection, and protected access, while still keeping the app smooth and professional.

What I learned

This project taught me a lot about full stack development, security focused design, and how important explainability is in AI products. I learned that a good security tool should not only make predictions, but should also help users build confidence in those predictions. More than anything, I learned how to turn an idea into something that feels like a real product rather than just a prototype.

How we built it

We built PhishGuard AI as a full stack web application using Next.js, which allowed us to handle both the frontend and backend in one system. The app is deployed on Vercel for fast performance and easy scaling. We created an AI analysis system that takes in email content and checks for phishing signals like suspicious links, urgency language, fake branding, and requests for sensitive information. The AI then generates a clear explanation and assigns a risk level so users understand both the result and the reasoning.

On the backend, we set up a PostgreSQL database to manage user accounts and store important data securely. We also implemented authentication features such as sign up, login, email verification, and password reset to make the platform feel like a real product. We focused heavily on keeping the UI clean and simple so users can quickly paste an email and get results without confusion. Throughout development, we tested the app continuously and deployed updates using Vercel to ensure everything worked smoothly in a live environment.

Challenges we ran into

One major challenge was making the AI output both accurate and easy to understand. Early versions were too technical, which made them less useful for everyday users. Another challenge was building a secure and smooth authentication system without breaking the user experience. We also ran into issues with deployment and environment variables while working with Vercel, which required debugging and restructuring parts of the app. Ensuring the app handled edge cases like duplicate accounts and invalid inputs was another key difficulty.

Accomplishments that we're proud of

We are most proud of creating a platform that feels like a real product instead of just a prototype. The AI does not just give a result, it explains why something is phishing, which makes it more useful and trustworthy. We successfully implemented full authentication flows, secure data handling, and a clean user interface. The deployment is stable and accessible online, which shows that the project is production ready.

What we learned

We learned how to build and deploy a complete full stack application from start to finish. This included working with modern frameworks, managing databases, and handling authentication securely. We also learned the importance of explainability in AI systems and how critical user experience is in security tools. Debugging real deployment issues and fixing them taught us how to think more like engineers rather than just coders.

What's next for PhishGuard AI

We plan to improve the accuracy of the AI model by training it on more real world phishing examples. We also want to add features like browser extensions, real time email scanning, and a dashboard that tracks phishing trends over time. Another goal is to integrate APIs that can verify domains and links in real time. In the future, we want to expand this into a complete cybersecurity tool that can help both individuals and organizations stay protected.

Built With

• ai-powered-email-analysis
• authentication-flows
• email-verification
• next.js
• password
• postgresql
• reset
• vercel