# PoC and documentation on how the project got developed

If you are interested in my notes and thought process throughout this project, keep reading :)

**Name ideas:**

To be phished or not to be phished

Have I been phished?

Don’t Get Phished!

**Project requirements:**



For G:

* Basic functionality
* If-statements and user interaction
* Lists and loops
* OOP - the program must include at least one class, with at least two attributes and one method
* User-friendliness and clarity



For VG:



* Use Tkinter
* The program must have persistent data, meaning it should save and read data from files (so that the program remembers what has happened when it’s been used, e.g., a “high score”).


**Idea:**



* A quiz game that trains the user to detect phishing emails.
* The user answers Phishing or Safe.
* The program should calculate the score and display the result after all questions have been answered.
* There should be a scale for the user’s score.
* 10 questions in total (to start with) – 7 phishing, 3 legitimate.
* Before each phishing question, include a short scenario that the user must imagine themselves in before answering.
* After each correct phishing answer, display an explanation of what this type of attack does and how to identify it.
* Help the user build security awareness: refer to HaveIBeenPwned, two-factor authentication, password managers, and a technique for creating strong passwords for all their devices.



**Pipeline for user:**



Welcome user -> What is phishing -> Different types of phishing -> How to play the game -> Answer 10 questions (Receive feedback on Phishing/Safe, along with an explanation) -> Total score -> Security awareness -> Do you want to restart or exit the game.

**Data generating**



Inspiration: Cisco Academy "Introduction to Cybersecurity", getcybersafe.gc.ca PDF

Images or text? Best way to generate data?

Possible method: Generate images in Canva


### Checklist and todo list



- Create a welcome page text

- Create text for: What is phishing?, Phishing types, How to play, Security mindset

- Generate Phishing data/examples

- Learn how to use the PhotoImage class in tkinter and embed images in the quiz

- Identify functions needed for game


### Results =
**Welcome page**



To Be Phished or Not to Be Phished



Your inbox looks ordinary at first glance. A delivery update, a payment notice, a message from someone you trust. Then something feels off. This is where the game begins.



This game puts you in realistic phishing situations that test how well you can spot small details under pressure. The goal is to train your instincts and help you recognize real attacks before they reach you.



**What is phishing?**



Phishing is a type of social engineering attack where someone tries to trick you into giving away personal information, such as passwords, credit card details, or other sensitive data. Instead of breaking into systems directly, the attacker pretends to be someone trustworthy, like your bank, a colleague, or a familiar service, and lures you into taking an action: clicking a link, downloading a file, or logging into a fake website.



It works because it targets human attention, not technology. When you’re tired, distracted, or in a hurry, you’re more likely to miss small details, such as an off-looking email address, a slightly wrong URL, or a message that feels urgent. That moment of lowered focus is what phishing exploits.



**Phishing types:**



1\. Mass phishing

Generic fake emails sent to many people. They often claim to be from a familiar service such as your bank or a delivery company and include a link to click or a file to open. These are the most common type and rely on volume rather than precision.



2\. Spear phishing

Targeted messages written specifically for you or your organization. The attacker uses real details like your name, role, and company to sound convincing. They are harder to detect because the message feels personal.



3\. Business Email Compromise (BEC)

The attacker pretends to be a boss, colleague, or vendor to request money or sensitive data. It often looks completely legitimate because it uses a familiar tone and formatting. Financial loss is usually the goal.



4\. Credential phishing

Emails that lead to fake login pages designed to steal usernames and passwords. The website looks identical to the real one but the URL is slightly wrong. This is how many account breaches start.



5\. Email spoofing

Attackers forge or mimic legitimate addresses so the email appears to come from a trusted source. They can manipulate sender names or domain lookalikes. Technical protections such as SPF, DKIM, and DMARC help block this, but not all systems enforce them.

These are the critical categories that represent the majority of real phishing threats and show how attackers typically trick users into giving access, money, or information.
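
The sender checks described under email spoofing (display name versus domain, lookalike domains, SPF/DKIM/DMARC results) can be written as a small detector. This is an added example, not part of the project's code; the brands, domains and sample messages are hypothetical, and the edit-distance threshold of 2 is an assumption.

```python
# Added example, not the project's code. Brands and domains are hypothetical.
from email import message_from_string
from email.utils import parseaddr

# Assumption: services the user really deals with, mapped to their real domains.
TRUSTED = {"northbank": "northbank.example", "parcelpost": "parcelpost.example"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_flags(raw_email):
    """Return the reasons why the sender of raw_email looks spoofed."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    for brand, real in TRUSTED.items():
        if domain == real or domain.endswith("." + real):
            continue  # genuine domain (or a subdomain of it) for this brand
        if brand in display.lower():
            flags.append(f"display name claims {brand} but domain is {domain}")
        if edit_distance(domain, real) <= 2:
            flags.append(f"{domain} is a lookalike of {real}")
    # Authentication-Results is added by the receiving mail server.
    auth = msg.get("Authentication-Results", "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in auth:
            flags.append(f"{check} failed")
    return flags

# Constructed sample messages, not real emails.
SPOOFED = (
    "From: Northbank Support <service@n0rthbank.example>\n"
    "Authentication-Results: mx.example.net; spf=fail; dkim=none; dmarc=fail\n"
    "Subject: Your account is limited\n\nVerify now."
)
LEGIT = (
    "From: Northbank <service@northbank.example>\n"
    "Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass\n"
    "Subject: Your monthly statement\n\nSee the app."
)
```

`sender_flags(SPOOFED)` returns four reasons and `sender_flags(LEGIT)` returns none. Only an `Authentication-Results` header written by your own receiving server should be trusted, since a sender can include a forged one.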



**How to play?**



You will see a series of email scenarios based on real phishing attempts. Each message contains clues that reveal whether it is legitimate or fake.



Read each email carefully. Pay attention to sender details, links, tone, and urgency. When you’re ready, choose **Safe** if you believe it’s real or **Phishing** if you suspect it’s a trap.



Your score increases with each correct answer. The goal is to sharpen your attention and train your eyes to spot the small signals that make all the difference.





**Security mindset**

Good security is not about remembering hundreds of rules. It is about setting a few smart habits that protect you automatically. These are the essentials.


1. Use two-factor authentication (2FA)
Even if someone steals your password, 2FA blocks them from logging in. Use an authenticator app or a physical key rather than SMS when possible. Enable it on every account that supports it.

2. Use a password manager
A password manager safely stores all your unique passwords and fills them in for you. It removes the need to remember or reuse passwords. Examples include Bitwarden, 1Password, or KeePass.


3. Create your own memorable password system

If you prefer not to use a manager, use a repeatable structure that keeps passwords unique but easy to recall.
Choose a base word that only you know, then attach a short element from the site or app.

Example:

* Base word: GraniteRiver7!
* Website: Gmail → GraniteRiver7!Mail
* Website: Spotify → GraniteRiver7!Music
* Website: LinkedIn → GraniteRiver7!Work

Each password stays unique to its service but follows a pattern that is easy for you to remember and difficult for others to guess. The key idea is consistency without repetition. The pattern only protects you while none of these passwords has leaked: if one is exposed in a breach, the base word and the scheme are visible to anyone who reads it, so a password manager with random passwords remains the stronger option.

4. Check if your data has been exposed

Use Have I Been Pwned to see if your email or passwords have appeared in known data breaches. If they have, change those passwords immediately and never reuse them.


**Functions needed:**



check\_answer, update\_question, show\_final\_score



```python
# PoC quizgame - creating base logic
# This code must be run in a .py file to work (it uses __file__ to find the images folder)

import tkinter as tk
from tkinter import messagebox, PhotoImage
import os

# Initialize main window first
root = tk.Tk()
root.title("Phishing Quiz")

# Sample instructions and answers
quiz_data = [
    {
        "instruction": "Read the email and choose Phishy or Safe.",
        "image_path": "test1.png",
        "choices": ["Phishy", "Safe"],
        "answer": "Phishy"
    },
    {
        "instruction": "Read the email and choose Phishy or Safe.",
        "image_path": "test2.png",
        "choices": ["Phishy", "Safe"],
        "answer": "Safe"
    }
]

# Convert image paths to PhotoImage objects
base_dir = os.path.dirname(os.path.abspath(__file__))

for item in quiz_data:
    full_path = os.path.join(base_dir, "images", os.path.basename(item["image_path"]))
    item["image"] = PhotoImage(file=full_path)

# Global state
current_instruction = 0
score = 0

# Widgets
instruction_label = tk.Label(root, text="", font=("System", 16))
instruction_label.pack(pady=10)

image_label = tk.Label(root)
image_label.pack(pady=10)

buttons = []
for i in range(2):
    btn = tk.Button(root, text="", font=("System", 16))
    btn.pack(pady=5, fill=tk.X)
    buttons.append(btn)

# Function to check the answer
def check_answer(selected_choice):
    global current_instruction, score
    if selected_choice == quiz_data[current_instruction]["answer"]:
        score += 1
    current_instruction += 1
    if current_instruction < len(quiz_data):
        update_question()
    else:
        show_final_score()

# Function to update the question
def update_question():
    question = quiz_data[current_instruction]
    instruction_label.config(text=question["instruction"])

    img = question["image"]
    image_label.config(image=img)
    image_label.image = img  # keep a reference so the image is not garbage-collected

    for i, choice in enumerate(question["choices"]):
        buttons[i].config(
            text=choice,
            # c=choice binds the current value; a plain closure would see the last one
            command=lambda c=choice: check_answer(c)
        )

# Function to show the final score
def show_final_score():
    messagebox.showinfo("Quiz Completed", f"You scored {score} out of {len(quiz_data)}")
    root.destroy()

# Start first question
update_question()

# Start the Tkinter event loop
root.mainloop()
```

### Next steps:

- Structure needed data
- Generate/extract needed data
- Scale code - add multiple pages, add previous and next buttons
- Decide styling


### Results =

**Phishing data structure**



7 **Phishing** and 3 **Safe**



10 Images



1x Mass phishing

2x Spear phishing

1x Business Email Compromise (BEC)

1x Credential phishing

2x Email spoofing

3x Real mails
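
One way to structure this data, as an added example that is not the project's own code: a `Question` class, a check that the question list matches the planned mix, and a high score kept in a JSON file as the VG requirement asks. The image file names, explanation texts and JSON layout are assumptions.

```python
# Added example, not the project's code; file names and texts are placeholders.
import json
import os
from collections import Counter
from dataclasses import dataclass

# Planned mix from the notes: 7 phishing and 3 safe emails.
PLANNED_MIX = {"Mass phishing": 1, "Spear phishing": 2, "Credential phishing": 1,
               "Business Email Compromise (BEC)": 1, "Email spoofing": 2, "Real mail": 3}

@dataclass
class Question:
    image_path: str   # screenshot shown to the user
    category: str     # a key of PLANNED_MIX
    explanation: str  # feedback shown after the answer

    def answer(self):
        return "Safe" if self.category == "Real mail" else "Phishing"

    def is_correct(self, choice):
        return choice == self.answer()

def build_questions():
    cats = [cat for cat, count in PLANNED_MIX.items() for _ in range(count)]
    return [Question(f"images/mail{i}.png", cat, f"Placeholder text for {cat}.")
            for i, cat in enumerate(cats, 1)]

def mix_errors(questions):
    """List categories whose question count differs from the planned mix."""
    have = Counter(q.category for q in questions)
    return [f"{cat}: planned {want}, found {have[cat]}"
            for cat, want in PLANNED_MIX.items() if have[cat] != want]

def load_high_score(path):
    """Read the saved high score; a missing or damaged file counts as 0."""
    try:
        with open(path, encoding="utf-8") as fh:
            value = json.load(fh)["high_score"]
        return value if isinstance(value, int) and value >= 0 else 0
    except (OSError, ValueError, KeyError, TypeError):
        return 0

def save_high_score(path, score):
    """Keep the better of score and the saved value; return the high score."""
    best = max(score, load_high_score(path))
    with open(path + ".tmp", "w", encoding="utf-8") as fh:
        json.dump({"high_score": best}, fh)
    os.replace(path + ".tmp", path)  # atomic swap: never a half-written file
    return best
```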




### Styling

- Here is a URL listing the available colors and their names in tkinter: https://cs111.wellesley.edu/archive/cs111_fall14/public_html/labs/lab12/tkintercolor.html
- Below is code that lists all fonts currently available in tkinter

```python
# Source - https://stackoverflow.com/a
# Posted by Marty Wilk
# Retrieved 2025-11-10, License - CC BY-SA 4.0

from tkinter import *
from tkinter import font


root = Tk()
root.title('Font Families')
root.geometry("400x700")
fonts=list(font.families())
fonts.sort()

display = Listbox(root)
display.pack(fill=BOTH, expand=YES, side=LEFT)

scroll = Scrollbar(root)
scroll.pack(side=RIGHT, fill=Y, expand=NO)

scroll.configure(command=display.yview)
display.configure(yscrollcommand=scroll.set)

for item in fonts:
    display.insert(END, item)

root.mainloop()
```