PhiLogo

HomePageImg

TEAM

Jane

Dylan Via

Backend Lead

I am an undergraduate student at ODU going for my bachelors in Computer Science. I plan on pursing a career in Software Engineering after I graduate. Most of my training in coding has been in C++, but I do have experience in Java and Python."

Mike

Ralph Mpanu

Database Lead

Ralph Mpanu is a senior at ODU and is majoring in Computer Science. After graduating he plans on working as a software engineer. He enjoys fitness and practicing brazilian jiu-jitsu.

John

Joshua Freeman

Webmaster

Joshua Freeman is a Senior at ODU and is majoring in Computer Science. He likes to read and play video games.

Jane

Mustafa Ibrahim

Team Mentor

Mustafa Ibrahim is a PhD student at ODU, specializing in Computer Science with a focus on Cybersecurity, particularly in Networking Security. He also enjoys playing soccer.

Mike

Ethan Barnes

Frontend Lead

Ethan Barnes is another Senior at ODU, studying Computer Science. He is currently working at a flour mill as a Second Miller. He enjoys reading, the outdoors, and discovering new things. He has three children."

John

Hunter Pollock

Team Leader

Hunter Pollock is a Senior at ODU currently studying and majoring in Computer Science, with the goal of getting a Master's degree in the graduate program. He enjoys playing video games, good food, listening to music, and learning about programming

Problem Statement

Universities do not have the resources available to properly teach their students to identify and avoid phishing attacks.


Problem Description

Phishing is becoming more and more common in the modern world. Over 3.4 billion phishing emails are sent a day, and email phishing accounts for 1.2% of all email traffic globally!
84% of organizations [of all kinds] were the target of at least one phishing attack. Education industries (such as universities) make up 9.3% of these attacks.
That might not sound like much at first, but that’s 316,200,000 emails per DAY targeted at educational institutions!


Mo' Phishing, Mo' Problems

Universities, as stated before, are some of the most vulnerable institutions in terms of phishing attacks. California State University would know.
82 student accounts of theirs were compromised in Q2 of 2023, up from almost zero at the beginning of 2021. These attacks pose as either threatening to shut down access to important services like email accounts or offering students jobs with very enticing pay. The second one especially is tempting, as many newer students need the money to support themselves, especially those who moved to live near the university (especially those from out of town and/or state). Don’t think it’s just them either: The scam is present throughout most universities, as it’s very tempting for newer students and others who might not be as aware of the tells of phishing scams. For example…
PF PF

Phishing Education

It’s becoming more and more clear students and faculties at these universities do not have the proper training required to discern phishing scams from legitimate emails
The average click rate for a phishing attack is 17.8%, going to to 53.2% for more targeted spear phishing attacks!¹⁶ As well as all this, educational facilities have been reported to be some of the most likely to fall for phishing attacks, opening the emails 27.8% of the time! It’s becoming more and more of an issue, and educational institutions like universities are some of the most vulnerable entities out there.
Universities need a proper way to train their students so that they don’t bite the hook.
PF

Problem Characteristics

Lack of Hands-On Experience: Students and non-technical university personnel may lack the practical experience in identifying and avoiding phishing attacks.
Outdated Technology: Due to a lack of resources universities often have to use outdated or inadequate technology infrastructure making it difficult to implement anti-phishing measures.
Resource Constraints: Universities face resource constraints which can hinder implementing comprehensive phishing training programs.
Scalability: Universities may encounter challenges in scaling their training initiatives to accommodate a growing student population.


PF

Our Solution

Phisecure provides a customized training software solution, developing phishing simulations over a variety of platforms tailored to the user. The methods used during the simulation will be reported and explained in detail to the user. Creating a thorough training process to help them identify phishing threats.

Solution Characteristics

Phishing Simulation Inputs given by the user will be used to generate unique phishing attacks. Sends messages through Email, Text, and Chat API used by their workplace.
Provide feedback recorded from the simulation Reports to the user if they succeeded or failed, demonstrating the red flags they should have noticed. Generates a threat assessment from the overall results after a period of training.

University Collaboration

Phisecure’s goal is to collaborate with universities to offer a unique educational experience. With the Phisecure tool, Universities can provide a solution to teaching employees how to identify and avoid phishing scams.

Solution Process Flow

PF

Glossary

Phishing- The fraudulent practice of sending emails or other messages purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers.
User Interface(UI)- The means by which the user and a computer system interact, in particular the use of input devices and software.
Open Source- This is software in which the original source code is made freely available and may be modified.
Malware- Software that compromises the operation of a system by performing an unauthorized function or process.
Ransomware- A malware designed to deny a user or organization access to files on their computer.
Attack- An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.

References

“Top 10 Costs of Phishing - Hoxhunt.” RSS, www.hoxhunt.com/blog/what-are-the-top-10-costs-of-phishing Accessed 7 Feb. 2024.
Irwin, Luke. “51 Must-Know Phishing Statistics for 2023: It Governance.” IT Governance UK Blog, 19 June 2023, www.itgovernance.co.uk/blog/51-must-know-phishing-statistics-for-2023.
Stansfield, Todd “Q3 2023 Phishing and Malware Report.” Q3 2023 Phishing and Malware Report, Vade 15 Nov. 2023, www.vadesecure.com/en/blog/q3-2023-phishing-malware-report
"Cloudian Ransomware Survey Finds 65 Percent of Victims Penetrated by Phishing Had Conducted Anti-Phishing Training." Cloudian, Victims Penetrated by Phishing Had Conducted Anti-Phishing Training (cloudian.com)
Rezabek, Jeff. “How Much Does Phishing Cost Businesses?” IRONSCALES, IRONSCALES, 24 Jan. 2024, ironscales.com/blog/how-much-does-phishing-cost-businesses.
Must-Know Phishing Statistics - Updated for 2024: Egress.” Egress Software Technologies, Egress Software Technologies, 19 Jan. 2024, www.egress.com/blog/phishing/phishing-statistics-round-up.
Sheng, Ellen. “Phishing Scams Targeting Small Business on Social Media Including Meta Are a ‘gold Mine’ for Criminals.” CNBC, CNBC, 15 Aug. 2023, www.egress.com/blog/phishing/phishing-statistics-round-up.
“Cybersecurity Training and Certifications.” Infosec, www.infosecinstitute.com/. Accessed 10 Feb. 2024.
Hoxhunt for End Users, Infosec, http://support.hoxhunt.com/hc/en-us/categories/360000079772-Hoxhunt-for-end-users Accessed 10 Feb. 2024.
KnowBe4. “Security Awareness Training.” KnowBe4,http://www.knowbe4.com/ Accessed 10 Feb. 2024.
Steves, Michelle, et al. “Categorizing Human Phishing Difficulty: A Phish Scale.” OUP Academic, http://academic.oup.com/cybersecurity/article/6/1/tyaa009/5905453 Accessed 10 Feb. 2024.
Nice Challenge Project, http://nice-challenge.com/ Accessed 10 Feb. 2024.

Week 1

week1

Week 2

week2

Week 3

week3

Week 4

week4

Week 5

week5

Week 6

week6

Week 7

week7

Week 8

week8

Major Functional Component Design

Del

Problem Statistics

Del

Del

Day in the Life

PF

Solution Process Flow

PF

Competition Table

PF

Mo Problems Drawing

PF

Technical Risk Matrix

PF

Customer Risk Matrix

PF

Legal Risk Matrix

PF

Feasibility V2

Feasibility V1