Phishy is a consumer web product built around a provocative idea: what if scam attempts could be turned into something positive?

Every day people receive phishing emails, fake invoices, impersonation scams, and other forms of digital fraud. Most of the time the experience is one-sided: the scammer reaches out, the user is forced to stay alert, and the only real win is avoiding the trap.

Phishy imagines a different outcome. Users can capture a suspicious email or message, upload it to a dedicated web platform, and let Phishy generate a tailored counter-response based on the scam attempt. If the scammer falls for it, 100% of the reward is donated through Phishy’s charity partners across multiple causes.

The project explored both the brand identity and the product experience for this idea. The brand needed to feel playful, sharp, and memorable - more like a clever trap than a traditional safety tool. The product needed to guide users clearly through turning scam attempts into donations.

Is it Legal?

Yes - Phishy is designed as a lawful, structured response to digital fraud. Rather than having users act on their own, suspicious messages are submitted and handled through a controlled platform. In March 2026, Phishy signed an agreement with law enforcement partners to ensure the process remains safe, legitimate, and aligned with public interest.

The idea behind Phishy is memorable, but also requires a careful and considered design approach.

Most anti-phishing products are built for enterprise environments, focusing on detection, filtering, warnings, and employee training. Their visual language is usually serious, corporate, and risk-focused. Phishy, by contrast, is a consumer-facing web product built around a more emotional experience: the satisfaction of reversing the power dynamic.

That created several design challenges at once:

From the start, the goal was to create a product that felt bold and entertaining while still behaving like a trustworthy consumer tool. The experience had to give users a clear sense of control.

Three principles shaped the work:

Industry Landscape

Anti-phishing products are shaped by a shared visual and conceptual language: clean corporate branding, security-first messaging, and a focus on protection, detection, and compliance. Built primarily for B2B enterprise, these tools emphasize trust, control, and risk mitigation - positioning phishing as a threat to block and manage.

Phishy takes a different direction. While adjacent solutions exist, there is no clear example of a B2C platform built around reversing a scam attempt and turning it into a positive outcome. This creates a new category language - one that feels lighter, smarter, and more proactive.

Name and Logo

For a B2C product, the name needed to be catchy, memorable, easy to understand, and immediately familiar. Because the concept is playful and consumer-facing, it was important to choose a name that people could recognize quickly, remember easily, and instantly connect to the product’s purpose.

The name Phishy works on two levels:

The logo follows the same idea in a simple visual way. The wordmark uses a bold serif style, giving Phishy a confident and memorable look. A fishing hook hangs above the “i,” turning the name into a small visual story. It connects directly to the idea of bait and phishing, but flips the meaning - here, the scammer is the one being caught.

Colors

The color system was designed to make Phishy feel bold, playful, and instantly recognizable. Instead of using the dark, intimidating look common in cybersecurity, the brand is built around a bright electric blue that feels sharp, technological, and energetic.

The soft pink adds warmth and humor, creating a surprising contrast with the blue and helping the product move away from the cold, serious language often associated with cybersecurity. This combination gives Phishy a more consumer-friendly and campaign-driven personality.

Brand Activation & Creative Strategy

The Phishy brand comes to life through a recurring cast of evil-fish characters that give the product its tone and personality. Instead of relying only on abstract cybersecurity symbols, the brand uses sharp, expressive fish illustrations to make the experience feel smarter, more distinctive, and more human. The blue line-work, aggressive eyes, sharp teeth, fins, hooks, and different character variations create a recognizable visual world - one that feels mischievous, playful, and slightly edgy while still staying clean, simple, and clear.

At the conference, attendees started playing to win a doll - many wanted one for their kids, which made the interaction even more memorable. In that sense, it worked not only as brand expression, but also as a growth-driven campaign: something visual enough to spread online, playful enough to attract people in person, and meaningful enough to turn engagement into impact.

Overall, these examples show how the Phishy brand operates beyond a logo or interface style. It creates a visual system that is expressive enough to make the product memorable, but structured enough to support trust, storytelling, and user participation. Humor, character, and visible impact help turn a dark digital experience into something people can actively engage with - and even feel proud to share.

Phishy was designed as a B2C web product, so the experience needed to feel fast, simple, and trustworthy from the first interaction. Because scam reporting is something most people would normally ignore, the flow was designed to reduce friction and turn a passive moment into an actionable one. Rather than overwhelming users with technical steps, the platform focuses on clarity, momentum, and a visible positive outcome.

The interface was designed to support that flow with as little friction as possible. The submission experience asks only for the essential inputs, with each screen focused on a single action. This keeps the process lightweight, focused, and easy to complete.

Once the form is completed, the experience shifts from action to anticipation. At this stage, the user has already done their part, and the platform takes over - using the approved bait to engage the scammer and continue the trap.

If the scammer takes the bait and money is generated, we choose one of our partner charities based on the user’s cause, and the user receives a follow-up email confirming the outcome. Instead of a generic notification, the email becomes a satisfying and emotional endpoint to the journey: it shows that the scam was successfully reversed, the money was recovered, and the donation was completed. To make the impact feel more personal, the user also receives a short video from the charity showing what their donation helped create, turning the experience from a simple confirmation into a meaningful moment of closure.

It also turns the result into something more tangible and shareable. Along with the donation confirmation, the user receives a branded banner showing the outcome, which they can post on social media. The banner becomes more than a confirmation - it also works as a simple form of advocacy and product awareness, encouraging other people to do the same.

Overall, the product was designed as a guided and emotionally engaging web experience. It begins with a simple submission flow, moves into a period of suspense while the trap is active, and ends with a clear donation result that the user can feel good about sharing. Across every stage, the design balances trust, speed, and clarity - turning a frustrating scam encounter into a structured experience with a meaningful outcome.

Phishy was an exploration of how a B2C cybersecurity product could be reframed as something more active, more emotional, and more memorable. Instead of speaking in the language of enterprise protection and passive defense, it imagines a consumer-facing experience built around reversal, participation, and visible impact.

Rather than focusing only on defense, the project imagines a product that gives users a sense of reversal - turning a scam attempt into a moment of agency, reward, and contribution. That shift required both a distinctive brand and a tightly designed consumer web experience.

The result is a concept that sits between consumer security, playful retaliation, and cause-driven design - a product that takes something harmful and redirects it toward something positive and useful.