Privathon Phishing Detection Project

Logo

Inspiration

In 2022, the FBI reported a staggering 300,497 victims of phishing scams, highlighting the growing threat of cybercrime in our increasingly digital world. Even more alarming is the fact that over a trillion phishing emails are sent each year by cybercriminals. These emails are often crafted to appear legitimate—mimicking trusted brands or institutions—and are designed to deceive users into clicking malicious links. Once clicked, these links can compromise your computer, allowing attackers to steal sensitive information such as usernames, passwords, banking details, and other personal security credentials. We believe everyone deserves to browse the web safely. Our mission is to help users figure out which websites they can actually trust. By analyzing URLs in real-time, we want to give people the confidence to click without fear. The goal is simple: a clear, easy-to-understand trust score for any site, powered by smart checks that catch red flags before they become problems.

What it does

WebFisher is a browser extension we're building to check URLs on the spot and rate their trustworthiness. Every time a user visits a site, WebFisher will run a set of checks in the background and display a score that reflects how reliable that site is. Think of it like a digital gut instinct — only backed by data and AI. We’re using a layered scoring system. Each check contributes to the final trust score. If a site flunks too many of these checks, we flag it as suspicious and warn the user.

Prefix Check (HTTPS vs. HTTP) Why it matters: HTTPS encrypts your data; HTTP doesn’t. What we do: We check if the site uses HTTPS and has a valid SSL certificate. If it doesn’t, it’s a red flag. The familiar lock icon in your browser? We make sure that’s actually there for a reason.
Suffix Check (Top-Level Domain – TLD Analysis) Why it matters: Some domain endings (like .com or .org) are usually safe. Others (like .xyz, .tk, or .click) are commonly used by shady sites. What we do: We maintain a list of trustworthy and high-risk TLDs. Suspicious ones will lower the site’s score significantly.
URL Heuristics Check Why it matters: Malicious sites often use weird tricks in their URLs. What we look for: Super long URLs Random characters or symbols (like @ or too many dashes) IP addresses instead of domain names Misspellings or lookalike characters (go0gle.com instead of google.com)

How we built it

We used GitHub to share the code across different devices. We used python and Visual Studio code as our IDE with modules like urlparse, math, time, random, etc.

Challenges we ran into

As this is our first hackathon we faced a lot of issues with the incorporation of the UI/UX design into our code. We wanted to create a website where we could input our link but we couldn't accomplish that due to lack of experience. We also faced a lot of challenges with debugging our code. We struggled to parse the url and identify the path and the main properly. We ended up utilizing various online modules and libraries. We were unable to implement AI as we couldn't obtain an API key

Accomplishments that we're proud of

We are proud of the advertisement and the code structure and the debugging and the implementation of different python modules

What we learned

This being our first hackathon, we as a team have learnt how to prioritize tasks and split work equally among all members and most importantly, the importance of time management

What's next for Privathon Phishing Detection Project

We want WebFisher to raise the bar for online safety tools. By blending traditional URL analysis with AI that understands both content and context, we’re building a tool that doesn’t just react — it helps users make smarter choices before a threat even gets close.

We also plan to implement the following: AI Web Scraper: Content & Domain Analysis(for future implementation) Why it matters: Sometimes a site looks fine at first glance, but hides threats in the content or structure. What we do: Our AI tool opens the site and checks for: Hidden text or links (via CSS tricks or HTML comments) Suspicious image trackers Sketchy forms asking for sensitive info without proper security Redirection loops Recently registered domains (a common phishing tactic) and, Contextual Credibility Check (AI-Enhanced) (for future implementation) Why it matters: The same URL can be safe or dangerous depending on where it’s shared and how. What we do: If the link comes from an email or message, our AI (likely a local model like LLaMA) will look at the context — sender info, subject line, urgency, poor grammar — all the usual scam signs. It’s like giving the AI a “gut check” ability. We would try to get an API key in the future and scale it up to include AI features

Built With

python
vscode

Submitted to

Privathon Vancouver

Created by

Sathyasai Pasumarthi
Hi everyone! I'm Sai Pasumarthi. I hope I can use my experience to be of use to the world in the future.
Chibueze Benneth
A passionate student navigating his way through the intricacies of the tech world
Oluwasemilore Akinbami
Srija Belide

Updates

Sathyasai Pasumarthi started this project — May 25, 2025 06:52 PM EDT

Leave feedback in the comments!

Log in or sign up for Devpost to join the conversation.