Project Description
PhishSlayer
This project was inspired by a team member's personal experience. They once received an email that looked important but also appeared suspicious, and they could not determine whether it was safe to reply or click. After they spent considerable time verifying its authenticity, it became clear that this was a broader issue: people process dozens of messages every day and need a way to quickly and effectively determine which ones can be trusted.
We address this challenge by developing a lightweight application that helps users instantly check suspicious emails, SMS, or social media messages. The application combines AI-assisted analysis and open threat intelligence databases to provide clear and explainable results.
Background / Problem
In 2024, Australians reported losses of $2.03 billion to scams across more than 494,000 scam reports (National Anti-Scam Centre [NASC], 2024). Among the top five scam categories, phishing alone caused $84.5 million in losses, showing that this threat remains widespread and damaging.
Phishing attacks and scam messages typically trick users into disclosing:
- Account credentials
- Financial information
- Other sensitive data
Many people, especially older adults and those less familiar with digital technology, lack tools to quickly verify suspicious content.
Small and medium-sized enterprises (SMEs) face particular challenges due to limited resources and insufficient employee training. The cost of uncertainty is high, as ignoring a legitimate message can cause delays, while trusting a fraudulent one can lead to severe financial and reputational damage.
Our mission is to give people clarity and confidence, transforming uncertainty into safe and informed decisions.

Figure 1: Scam losses, reports, and top scam types in Australia (2024)
Application Architecture
The app follows a hybrid detection pipeline:
- Input Layer: The user uploads a screenshot of the suspicious message. The application then uses Optical Character Recognition (OCR) to extract text, emails, phone numbers, and URLs.
- AI-assisted Analysis: The extracted text is sent to a pre-trained machine learning model (mrm8488/bert-tiny-finetuned-sms-spam-detection) via the Hugging Face API. This model classifies the text as either "Scam" or "Not Scam" and provides a confidence score.
- Threat Intelligence Check: Any URLs and email domains found in the text are cross-referenced with the URLhaus database to check if they are associated with known malicious activity.
- Output Layer: The application displays the classification result and confidence score. It also highlights any URLs or domains that were found in the URLhaus database. For a more detailed explanation, the application can use a local Ollama model to generate a clear and concise summary of why the message may be malicious, with advice for a non-technical user.
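The threat intelligence check described above, as an added Python example that is not the project's own code: it pulls URL hosts and email domains out of OCR text (including defanged forms such as hxxp and [.]) and matches them against a local host list. The blocklist entries, sample text and function names are constructed for illustration; a real deployment would load hosts from a URLhaus export.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-in for hosts exported from a threat feed (not real URLhaus data).
KNOWN_BAD_HOSTS = {"parcel-redelivery.example", "login.bank-verify.example"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
EMAIL_RE = re.compile(r"\b[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def refang(text):
    """Undo common defanging (hxxp, [.]) so indicators parse as normal URLs."""
    text = re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)
    return text.replace("[.]", ".").replace("(.)", ".")

def extract_hosts(ocr_text):
    """Return the lower-cased hosts of every URL and e-mail address in the text."""
    text = refang(ocr_text)
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url.rstrip(".,;:!?)")).hostname
        except ValueError:  # malformed bracketed host, common in noisy OCR
            continue
        if host:
            hosts.add(host.lower().rstrip("."))
    hosts.update(domain.lower() for domain in EMAIL_RE.findall(text))
    return hosts

def match_blocklist(hosts, blocklist=KNOWN_BAD_HOSTS):
    """Map each flagged host to the entry it matched (exact or parent domain)."""
    hits = {}
    for host in hosts:
        labels = host.split(".")
        # Try the full host, then each parent down to two labels. Parent matching
        # catches new subdomains but can over-match on shared hosting platforms.
        for i in range(len(labels) - 1):
            candidate = ".".join(labels[i:])
            if candidate in blocklist:
                hits[host] = candidate
                break
    return hits

# Constructed sample of OCR output from a screenshot.
SAMPLE = ("Your parcel is held. Pay the fee at hxxps://secure.parcel-redelivery[.]example/track?id=1. "
          "Questions? Email support@login.bank-verify.example or see https://www.example.org/help")

if __name__ == "__main__":
    print(match_blocklist(extract_hosts(SAMPLE)))
```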

Figure 2: Workflow Diagram

Figure 3: AI Diagram Image
Prototype

Figure 4: High-fidelity Prototype

Figure 5: Low-fidelity Prototype
Web App

Figure 6: Web App Front Page
Datasets
- URLhaus – Malicious URL Database: This is used as an external dataset to cross-validate suspicious URLs and email domains found in the submitted text. It helps to improve detection accuracy by identifying links to known malware and phishing sites.
- 2024 National Anti-Scam Centre Report: This report serves as a background reference to contextualize the significance of the problem and provide statistics on the financial losses caused by scams in Australia.
- 2023–2030 Australian Cyber Security Strategy: This document is used as a background resource to highlight the challenges faced by SMEs in cybersecurity awareness and training, which helps to strengthen the rationale for the project.
Limitations
- Coverage: The threat intelligence check is limited to the URLhaus database, so new or unlisted phishing sites may not be detected.
- Accuracy: The AI model may produce false positives or negatives, especially with new or sophisticated scam techniques.
- Scope: The current design is limited to text and URLs extracted from images. It does not address other forms of phishing, such as voice or video-based scams.
- Privacy trade-off: Although the application is designed for local-first analysis, server-side processing (for example, sending extracted text to the Hugging Face API) may raise data trust issues.
Future Development
- Integration with more threat intelligence feeds: Incorporate other databases like PhishTank and the APWG eCrime eXchange to improve coverage.
- Multi-language support: Add support for multiple languages to better serve diverse communities.
- Community reporting system: Allow users to submit new phishing samples to help train and improve the detection models.
- Browser extension & chatbot: Expand the application to provide real-time scanning and protection in daily workflows.
- Continuous AI learning: Implement a system for continuous learning to improve the classification models with new phishing variants.
Progress - It is the friends we've made along the way


Data Story
Real-world Motivation
Phishing is no longer an abstract cybersecurity concern; it is a daily challenge for individuals and organisations. Suspicious emails or messages often appear important, yet their legitimacy is unclear. This uncertainty forces people to rely on guesswork, increasing the risk of financial loss, data theft, or missed opportunities. Our project responds to this challenge by providing users with a simple and immediate way to verify suspicious communications.
Sources of Insight
The system draws on multiple sources of knowledge to establish a strong detection foundation:
• Open phishing intelligence feeds such as PhishTank, APWG, and URLhaus.
• Practical examples of phishing messages from user contributions and training environments.
• Linguistic risk indicators, including urgency, threats, and reward-based language, drawn from cybersecurity awareness research.
These insights ensure the application is grounded in both technical evidence and human behavioural patterns.
Detection Process
Messages are analysed through a structured pipeline:
1. Extraction: Text and URLs are retrieved from emails, SMS, or screenshots. OCR is applied so screenshots can be assessed in the same way as text inputs.
2. Rule Evaluation: Heuristic checks identify red flags such as mismatched domains, suspicious top-level domains, short links, and urgent wording.
3. Cross-validation: Extracted URLs are compared with phishing intelligence databases to confirm whether they are already reported as malicious.
4. AI-assisted Analysis: Natural language models evaluate semantics and structure, identifying risky patterns and comparing them to known phishing templates.
5. Explanation Output: The system assigns a risk level (High, Medium, Low) and provides evidence in clear terms that users can understand.
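One way the rule evaluation and explanation steps could fit together, as an added Python example that is not the project's own code: each heuristic named above contributes weighted evidence, and the total maps to High, Medium or Low. The shortener and top-level-domain lists, the weights, the thresholds and the reading of "mismatched domain" as "link host outside the sender's domain" are all assumptions made for this sketch.

```python
import re
from urllib.parse import urlsplit

# Illustrative lists and weights: assumptions for this sketch, not the project's rules.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
RISKY_TLDS = {"top", "xyz", "zip"}
URGENCY_RE = re.compile(r"\b(urgent|immediately|suspended|final notice|within 24 hours)\b", re.I)
WEIGHTS = {"intel_hit": 5, "mismatched_domain": 3, "short_link": 2,
           "risky_tld": 2, "urgent_wording": 1}

def evaluate(text, urls, sender_domain=None, intel_hits=()):
    """Return (risk_level, evidence) where evidence is a list of (rule, reason)."""
    evidence = []
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        if not host:
            continue
        if host in intel_hits:  # result of the cross-validation step
            evidence.append(("intel_hit", f"{host} is listed in the threat feed"))
        if host in SHORTENERS:
            evidence.append(("short_link", f"{host} hides the real destination"))
        if host.rsplit(".", 1)[-1] in RISKY_TLDS:
            evidence.append(("risky_tld", f"{host} uses an unusual top-level domain"))
        # Assumed definition of a mismatch: the link is outside the sender's domain.
        if sender_domain and not (host == sender_domain or host.endswith("." + sender_domain)):
            evidence.append(("mismatched_domain",
                             f"link {host} does not belong to sender {sender_domain}"))
    match = URGENCY_RE.search(text)
    if match:
        evidence.append(("urgent_wording", f"pressure phrase: '{match.group(0)}'"))
    score = sum(WEIGHTS[rule] for rule, _ in evidence)
    level = "High" if score >= 5 else "Medium" if score >= 2 else "Low"
    return level, evidence

if __name__ == "__main__":
    # Constructed sample message.
    msg = "URGENT: your account is suspended, verify at https://bit.ly/abc"
    level, evidence = evaluate(msg, ["https://bit.ly/abc"], sender_domain="mybank.example")
    print(level)
    for rule, reason in evidence:
        print(f"  {rule}: {reason}")
```

Keeping the reason string next to each rule is what lets the output layer show the user why a message was rated as it was, not just the rating.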
Practical Value
The application is designed not only to detect but also to explain. By presenting technical signals in clear and accessible language, it helps users understand why a message is risky and what action should be taken. For individuals, this reduces uncertainty and prevents harm. For small and medium-sized enterprises, it functions as a cost-effective awareness tool, giving employees real-time practice in identifying phishing attempts and laying a foundation for more advanced training.
Broader Impact and Growth
The prototype demonstrates that phishing detection can be both effective and user-friendly. Looking ahead, the framework can be extended to:
• Support multilingual analysis to serve diverse communities.
• Integrate with government and industry datasets for broader coverage.
• Enable anonymised reporting to strengthen collective intelligence.
• Form part of structured cybersecurity training programs.
By combining reliable intelligence, analytical techniques, and an educational dimension, the application enhances protection while building long-term user confidence.