Inspiration

We built this project after learning that 10.3 billion dollars were lost to phishing and other internet scams in 2023, yet most employees receive little to no hands-on training to recognize these threats. Today's cybersecurity training involves boring slideshows, which people easily skip over and which are passive in stopping the threat of phishing. We wanted to create an immersive and realistic training platform that teaches employees to identify phishing attempts through real experience.

What it does

SecureMe is a comprehensive phishing awareness training platform that simulates real-world attacks through:

Email Phishing Campaigns

  • Sends realistic phishing emails to employees using professional templates.
  • Features authentic-looking landing pages (SSO replica).
  • Tracks who clicks links, loads pages, and submits credentials.
  • Generates detailed analytics on vulnerability patterns.

Voice Phishing (Vishing) Simulations

  • AI-powered phone calls that mimic common scam scenarios.
  • Interactive voice responses using Twilio and ElevenLabs.
  • Tests employees' ability to detect phone-based social engineering.

Analytics Dashboard

  • Real-time tracking of campaign results.
  • Identifies vulnerable employees who need additional training.
  • Comprehensive CSV logging of all interactions.
  • Success rate metrics and improvement tracking.

Batch Management

  • Select multiple employees for training campaigns.
  • Customize phishing scenarios and messages.
  • Schedule and manage multiple simultaneous campaigns.

How we built it

Backend (FastAPI + Python)

  • FastAPI for high-performance REST APIs.
  • Postmark for email delivery and click tracking.
  • Twilio for voice call simulations.
  • ngrok for webhook tunneling during development.
  • ElevenLabs for voice AI and call transcripts.
  • Valkey as the database for storing call transcripts.
  • Google Gemini for call transcript analysis.

Frontend (React + TypeScript)

  • React with TypeScript for type-safe development.
  • Modern UI with Tailwind CSS.
  • Interactive dashboards for campaign management.
  • Real-time feedback on simulation results.

Challenges we ran into

Email Deliverability

Challenge: Phishing emails were getting blocked by spam filters.

Solution: Properly configured SPF/DKIM records and used Postmark's verified sender system.

Real-time Event Tracking

Challenge: Capturing email opens, clicks, and form submissions across different devices.

Solution: Implemented Postmark webhooks with unique UIDs for each recipient.
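
An added example, not SecureMe's own code: one way to reduce per-recipient webhook events to a training funnel while retaining only the recipient UID and the stage reached. The `RecordType` and `Metadata` field names are assumed to match the webhook payloads; the `uid` metadata key, the `FormSubmit` type and the sample events are constructed for illustration.

```python
from collections import defaultdict

# Funnel stages in order; a recipient's result is the furthest stage reached.
STAGES = ["delivered", "opened", "clicked", "submitted"]
# Assumed mapping from a webhook "RecordType" to a funnel stage.
# "FormSubmit" is a hypothetical type emitted by the training landing page.
RECORD_TO_STAGE = {"Delivery": "delivered", "Open": "opened",
                   "Click": "clicked", "FormSubmit": "submitted"}

# Constructed sample events (not real campaign data).
SAMPLE_EVENTS = [
    {"RecordType": "Delivery", "Metadata": {"uid": "u-alice"}},
    {"RecordType": "Delivery", "Metadata": {"uid": "u-bob"}},
    {"RecordType": "Delivery", "Metadata": {"uid": "u-carol"}},
    {"RecordType": "Open", "Metadata": {"uid": "u-alice"}},   # phone
    {"RecordType": "Open", "Metadata": {"uid": "u-alice"}},   # laptop, same UID
    {"RecordType": "Click", "Metadata": {"uid": "u-bob"}},    # open pixel was blocked
    {"RecordType": "FormSubmit", "Metadata": {"uid": "u-bob"}},
    {"RecordType": "Click", "Metadata": {"uid": "u-unknown"}},  # UID never issued
    {"RecordType": "Open"},                                     # no metadata at all
]

def build_funnel(events, known_uids):
    """Return ({uid: furthest_stage}, rejected_events)."""
    seen = defaultdict(set)
    rejected = []
    for ev in events:
        uid = (ev.get("Metadata") or {}).get("uid")
        stage = RECORD_TO_STAGE.get(ev.get("RecordType"))
        if uid not in known_uids or stage is None:
            rejected.append(ev)      # never attribute an event to a guessed user
            continue
        seen[uid].add(stage)         # a set dedups repeat opens across devices
    furthest = {}
    for uid in known_uids:
        reached = [s for s in STAGES if s in seen[uid]]
        # Only (uid, stage) is kept: no submitted form values are stored.
        furthest[uid] = reached[-1] if reached else "no_event"
    return furthest, rejected

def stage_counts(furthest):
    """Cumulative counts: a click implies an open even if no open was logged."""
    counts = {s: 0 for s in STAGES}
    for stage in furthest.values():
        if stage in counts:
            for s in STAGES[:STAGES.index(stage) + 1]:
                counts[s] += 1
    return counts
```
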

Storing Call Transcripts

Challenge: Capturing call recordings and storing them for post-training review without overwhelming storage.

Solution: Leveraged ElevenLabs transcript API with automatic storage through Valkey, and 2-hour expiration policies so that data is private.

Accomplishments that we're proud of

  • Created a fully functional phishing simulator in under 24 hours.
  • Implemented comprehensive tracking from email delivery to email click.
  • Designed an intuitive UI that makes running campaigns accessible and easy for non-technical users.
  • Architected a scalable, modular backend that can easily add new attack scenarios.
  • Integrated voice phishing capabilities alongside email simulations.

What we learned

Technical Skills:

  • Building production-ready REST APIs with FastAPI.
  • Integrating third-party services (Postmark, Twilio) via webhooks.
  • Real-time event tracking and analytics.
  • Secure credential handling (even in simulations).
  • Frontend-backend communication patterns.

What's next for SecureMe

  1. SMS phishing simulations (smishing attacks).
  2. More scenario templates (Microsoft 365, Google Workspace, Banking landing pages).
  3. Integration with HR systems for automatic employee onboarding.
