Phishing attacks are one of the most common forms of cybercrime, and most people can't tell they're being targeted until it's too late. Gmail filters obvious spam, but it never explains why something is dangerous in plain language.
This hits hard for people who aren't deeply tech-savvy. Older adults, first-time internet users, anyone who didn't grow up online. We built something that can act like a knowledgeable friend looking over your shoulder, pointing out the warning signs and telling you how to stay safe on the web.
Hooked? is a Chrome extension that scans emails and websites for phishing in real time. When you open a Gmail email it auto-triggers, or you can hit Run Scan on any webpage. It:
- Checks for urgency language, suspicious links, credential harvesting, and brand impersonation
- Uses Gemini AI to produce a plain-English risk summary, a 0–100 danger score, and recommended next steps
- Highlights the specific suspicious phrases directly on the page
- Reads the summary aloud using ElevenLabs text-to-speech
Settings let you toggle keyword highlighting and auto-popup on new Gmail emails.
A Chrome Manifest V3 service worker brokers messages between the popup, the content scripts, and a Node.js/Express backend. Content scripts extract email or page content and run a local scoring engine. The service worker holds the response channel open while the backend calls Gemini for AI analysis, then forwards the result back to the popup and highlights suspicious phrases on the page. ElevenLabs TTS returns audio as base64, played via the Web Audio API.
Several Gemini model versions hit quota limits of zero on our API keys. We added a testing mode that returns a realistic sample response so we could build and demo the full pipeline without burning quota.
- Developed frontend components for a Chrome extension enabling user interaction and real-time feedback
- Designed and implemented a warning notification system to alert users of potential phishing threats
- Implemented email content scanning logic to analyze message text before AI evaluation
- Contributed feature ideas and UI/UX decisions during collaborative hackathon development
- Gemini quota limits are unpredictable. Building a testing mode early saved hours of blocked development
- ElevenLabs voice quality is very sensitive to
stabilityandsimilarity_boost. Small tweaks matter a lot for a warning/alert context
- Scanning attachments and QR codes in emails
- A local, fine-tuned AI model for fully offline detection
- Expanded language support
- Mobile App Support
- Generalization to scan websites
- Microsoft Edge support