Phishing Detection Tools Wins University Digital Education Hackathon
University of Edinburgh Informatics student succeeds in Edinburgh Digital Hackathon with support from the Information Services Group.
On November 12th 2020 the University of Edinburgh hosted a digital hackathon calling on the Edinburgh community to help design practices, applications and digital spaces that would enhance the distributed campus and its diversity. The winning team was provided the opportunity to compete in a global award contest for €5000.
University of Edinburgh Informatics student Elena Lape won the competition with her phishing detection tool – College Phish. Elena was supported by ISG who provided her with access to real phishing emails to help inform her project.
The same week that the Digital Education hackathon was announced, I received an email from ISG about a new Outlook feature being implemented to warn our students and staff about suspicious content. For the hackathon, I wanted to solve a real problem, so the ISG email put the idea in my head — considering the sheer volume of phishing what if I come up with something for detecting phishing emails? And so College Phish was born.
College Phish is a webapp that utilizes the concept of crowd-sourced emails, from historical and user-submitted data by students and staff, to notify users about the authenticity of their emails. If a user believes an email to be suspicious, he/she can paste the content into the site and see how similar it may be to content reported from other known phishing attempts. The application can also inform users of whether and how many other times similar emails have been submitted.
“ISG helped me understand the problem and solidify the app idea. They advised me of how phish detection currently works, what features Outlook has to catch them, and what can be improved. They also gave me a bunch of known phish email data from user reports, which I could then feed into the app's database,” said Elena.
Following her victory, Elena’s project will go on to compete in the global competition. As for the future of the application, Elena mentioned she would be interested in adding more features, such as a timestamp for when emails are submitted and checked so users can have a better idea of the relevance of the information. She also expressed a desire to see some of the app’s components potentially incorporated into the University’s current phishing detection tools and indicators such as the ability for students and staff to check whether others received a similar email.
I’m delighted with Elena’s success and that we were able to help in a small way. Phishing is a significant problem and we will follow this work with interest. I’d like to wish Elena well in the global contest.
The College Phish tool can be accessed here: https://practical-pasteur-792d44.netlify.app/
