Inspiration
Some groups are more vulnerable to phishing than others - the elderly, CS students desperate for a job, or kids who think they just won free Robux. Yet these are often the people who receive the least phishing awareness training. We’re here to change that!
What it does
PhishSchool is an interactive, easy-to-use platform that helps users detect and defend against phishing attempts. Users can upload any images or emails they think look sketchy, and PhishSchool instantly analyzes it - giving a phishing-likelihood score and a clear explanation of what makes it suspicious. After that, users can also engage with bite-sized training modules that teach them to recognize common phishing tactics. And for ongoing education, they can opt into realistic phishing simulations that send fake emails periodically to keep them alert and stay scam-smart.
How we built it
We built PhishSchool with a modern full-stack setup that blends sleek design with smart analysis! The frontend runs on Vite, React, and TypeScript, and is styled with TailwindCSS for a fast, responsive, and accessible experience. On the backend we integrate Node.js, FastAPI, and Supabase to handle authentication, data storage, and the communication between the client and server.
For phishing detection, we tapped into Google’s Gemini API, a multimodal large language model that understands and analyzes the text, images, and emails we upload to flag suspicious content. We also plug in our own list of verified domains to cross-check for known phishing indicators.
To make training more interactive, we integrated the Twilio API so users who opt in can receive simulated phishing emails on their own schedule. Finally, we deployed everything on Vercel for smooth hosting, automatic versioning, and rapid iteration while we built and tested.
Challenges we ran into
One of the biggest challenges we faced early on was coordinating through Git and managing our collaboration workflow. Many of us were new to working together on a shared repository, and we initially struggled with merge conflicts, version control, and organization. Over time, we overcame these obstacles by learning on the spot, seeking help from mentors and peers, and improving our communication as a team. We also encountered numerous technical challenges since there were many things we did not know how to implement at first, but persistence, research, and teamwork helped us find solutions. Another early hurdle was deciding on a project idea. Each of us was interested in a different track, which made it difficult to align our goals, but after discussion, we all agreed on the "Protecting N00bs" theme and were excited to build something meaningful under that direction.
Accomplishments that we're proud of
We are proud of how much we learned and accomplished throughout the development of PhishSchool. One of our biggest achievements was successfully applying agile principles and maintaining an organized Git workflow, which greatly improved our collaboration and efficiency. All of us gained valuable hands-on experience and learned new technical skills that went beyond the theory we usually study at BU. It was also the first time some members of our team had worked on a collaborative software project, making this a rewarding and eye-opening experience. Overall, we are proud of how we transformed our classroom knowledge into a functional, real-world application that helps others stay safe online.
Throughout this project, we learned the importance of effective teamwork and agile development practices. Managing our Git repository taught us how to collaborate efficiently and handle version control in a real-world environment. We also gained hands-on experience working with RESTful APIs and database management, including creating and maintaining CRUD operations. In addition, we deepened our understanding of large language models and how to integrate them into full-stack applications. Overall, this project strengthened both our technical and collaborative skills, allowing us to grow as developers and as a team.
What we learned
Looking ahead, we plan to continue improving PhishSchool to make it even more effective, scalable, and accessible. With more resources, we aim to strengthen our phishing detection capabilities and improve the accuracy and reliability of our learning questions. This would also allow us to generate more consistent and realistic example phishing attacks for users to learn from. We plan to expand our simulated training system by introducing multiple fake domain emails, allowing for more authentic testing scenarios and more engaging user experiences.
In addition, we hope to enhance our phishing education platform by introducing gamified learning modules, progress tracking, and achievement badges to keep users motivated. We would also like to launch a browser extension or email plugin to provide real-time phishing detection and instant feedback within users’ inboxes. Finally, we plan to partner with schools, community centers, and cybersecurity organizations to make phishing awareness training more accessible to at-risk populations and ensure that online safety education reaches everyone.
Built With
- fastapi
- geminiapi
- node.js
- react
- sendgridapi
- supabase
- tailwindcss
- typescript
- vercel
- vite

Log in or sign up for Devpost to join the conversation.