Why I Built HomePhish

Hi there – I’m Rick Roane. By day I’m a cybersecurity specialist and Red Teamer (a professional hacker paid to test defenses), and by night I’m a startup founder and a 100-mile ultra marathon runner. In short, I have a high tolerance for pain and long hauls. Today, I want to candidly share why I’m launching my new SaaS product HomePhish, an AI-powered phishing simulation and training platform for families. This isn’t a polished corporate announcement, but a personal note about a problem that keeps me up at night and what I’m doing to tackle it.

Families Are Left Behind in Cybersecurity Training

In my security career, I’ve run countless phishing simulations on company employees at various companies. Businesses have entire programs to train their staff to recognize scam emails. But what about our families? At home, our kids, spouses, and parents are largely on their own. Most cybersecurity training is built for offices, not living rooms. That gap has left families incredibly vulnerable.

Every week, I hear another heartbreaking story: a teenager clicks on a fake link promising "free V-Bucks" and ends up infecting the family's devices with malware, or a grandparent receives an alarming “urgent security alert” email and unknowingly hands over their life savings. Scammers in the U.S. are targeting everyday families more aggressively than ever—according to the latest FTC reports, consumers reported losing more than $10 billion to fraud in 2023, marking the first time that fraud losses have reached that benchmark. This represents a 14% increase over reported losses in 2022. Think about that—billions lost annually because scammers know our families aren't prepared. It's a reality they're exploiting every single day, and it's exactly why I built HomePhish.

Yet when I looked for a solution to train my own family to spot phishing and fraud, everything was geared toward enterprises: boring video modules, IT jargon, and high price tags. I realized if I wanted my loved ones to be safe, I’d have to create something new. So I did.

This gap isn’t just a theoretical concern—I’ve seen firsthand how scammers ruthlessly exploit vulnerable populations, especially seniors. It bothered me so deeply that last year, I published a book specifically to address this growing crisis. "Safe and Secure: A Senior's Guide to Avoiding Scams" is designed to equip seniors and their families with practical tools and strategies for avoiding scams and fraud in today’s digital age. From detailed explanations of common scams (phishing, identity theft, phone scams, and social media risks) to interactive quizzes and real-life scenarios, the book aims to make scam prevention accessible, straightforward, and empowering—even if you’re new to technology.

Writing that book reinforced my belief that education is our strongest defense against scammers, but I knew even more could be done. That’s ultimately why I created HomePhish—to bring proactive security education right into the daily lives of families, preventing heartbreak and financial ruin before they happen.

Meet HomePhish: Phishing Drills Made for Your Family

HomePhish is my attempt to bring effective security training into the home. It’s an AI-powered platform that simulates phishing attacks and teaches your family to recognize them in a fun, practical way. Here’s how it works and what makes it different:

• Personalized Phishing Drills: HomePhish uses AI to craft fake scam emails tailored to each family member’s world. Your video-game–obsessed kid might get an email promising free Roblox currency. Your bargain-hunting partner might see a phony “Amazon refund” offer. We even generate tricks for Grandma that look like the classic Facebook “Is this you in the video?” message. Each simulation is age-appropriate and relevant, so it feels real – and that’s the best way to learn.

• Instant Feedback & Gamified Lessons: If you or a family member takes the bait (clicks the link), HomePhish immediately intervenes with a friendly heads-up and a quick lesson. It might say, “Hey, that email was a test! 🐟 Here’s what you missed: the sender’s address was slightly off.” We turn each mistake into a teachable moment, instantly. And if you do spot the phish and report it, you earn points and collect badges. We’ve made learning to outsmart scams feel like a game, not a lecture.

• No Jargon – Truly Family-Friendly: I’ve designed HomePhish for parents and kids, not IT professionals. That means no acronyms, no tech gobbledygook. The training snippets and explanations use plain language (my years of explaining “hacker stuff” to relatives came in handy here). The goal is to empower anyone in the family, whether they’re 8 or 80 years old, to feel confident spotting a scam.

• Family Owner Dashboard: We provide a simple dashboard for the head of household (or whoever wants to be “coach”). You can see at a glance how everyone is doing – who’s acing the phishing quizzes, who might need extra help – all in one place. It’s one simple interface for monitoring progress, designed for busy parents who want to keep their family safe but don’t have time to play IT help desk. No judgment, no shaming for mistakes – just insights to guide your family’s learning.

In short, HomePhish takes the proven concept of phishing simulations (which have drastically reduced employee phishing click rates in businesses) and translates it to family life. It’s a labor of love born from my frustration that my own household had no equivalent of the training I give to Fortune 500 companies. If we can turn scam-spotting into a fun family challenge – sort of a “spot the fake” game night that runs in the background – maybe we can prevent the next crisis before it happens.

Lessons from My Last Attempt (Failing Forward)

This isn’t my first swing at building a tool to protect people. A couple years ago, I built a mobile app called Cleared Contact. Its mission was to help prevent those creepy new AI voice deepfake scams. You might have heard of them: a scammer clones your loved one’s voice and calls you saying something like “Mom, I’m in trouble, send money!” It’s disturbingly easy now for bad guys to do this. Experts have been urging families to set up a secret codeword for calls – a simple verbal password to verify it’s really you on the line. Cleared Contact was meant to facilitate that. The app let families send push notifications with a one-time use shared codeword before a phone call happens so they could authenticate who they were really talking to.

I poured my heart into that app… and almost no one used it. 😔 In theory, people liked the idea, but getting folks to actually download and set up a proactive security app was an uphill battle. After months of practically begging folks to try it (and hearing a lot of “Oh yeah, I should do that sometime”), I had to face reality. Cleared Contact never gained traction, and I ultimately shut it down due to low adoption.

That failure stung, I’ll be honest. As a founder (and an ultra-marathoner), I’m used to pushing through pain, but shutting down a project you believe in hurts more than any race. However, it taught me a valuable lesson: even the best security tool is useless if people don’t actually use it. And getting people to take action before they’ve been personally burned is extremely hard.

The Challenge of Proactive Security

Building tools to prevent disasters, rather than react to them, is tricky. Human nature is to put off dealing with hypothetical problems. It’s the same reason many of us skip doctor check-ups until we’re really sick, or ignore the small leak until the basement’s flooded. In cybersecurity, I’ve seen this time and again: families and individuals often only get serious about security after a scam or breach hits home.

To be brutally candid, this fact is the bane of my existence as a security entrepreneur. With Cleared Contact I encountered it head-on. I was asking people to care about voice deepfakes before one targeted them or someone they know. That’s a tough ask. Most folks thought it was spooky and important, but not urgent.

So with HomePhish, I’m approaching the proactive problem challenge differently. I realized the solution has to integrate into people’s lives in a painless and even enjoyable way. Instead of saying “Here’s another chore you should do for safety,” I want HomePhish to feel like, “Hey, here’s a fun thing you can try with your family – and by the way, it’s keeping you safe.” I’m making it as easy as signing up with an email and letting the AI do its thing in the background. My hope is that by making security training playful and ultra-convenient, families will actually use it before something bad happens, not after.

Is this still an uphill battle? Absolutely. I’m essentially trying to convince people to buckle their seatbelts before the crash. But I believe the timing is right – scams are so prevalent now that it’s getting harder to ignore the danger. And I’m determined (or just stubborn). If running 100 miles in the mountains has taught me anything, it’s that some challenges are worth the grind, even if a part of you wonders if you’re crazy for trying.

Join Me in Securing Our Families (A Personal Call to Action)

I’m sharing all this with you, dear reader, because I want to be transparent about my mission and also ask for your help. I truly believe family cybersecurity needs to become a priority before more families get hurt. Whether you use HomePhish or just have a serious talk with your family about online scams, please take action. Don’t wait until your parent or child falls victim to a phishing email or a fraudulent call. The cost – financial and emotional – of those scams is devastating, and it’s largely preventable with a little education and vigilance.

As for HomePhish, we’re just getting started. The product is currently in early access, which means you can sign up now as one of the first users and get special benefits for being an early adopter. (I’m thinking of it like a beta program with some extra love for those who join.) If this sounds interesting, I invite you to join the waitlist on our website – it’s free to sign up, and you’ll be the first to know when we roll out new features and the full launch. Join the HomePhish Early Access Waitlist.

More than anything, I’d love your feedback. Try it with your family and tell me what works and what doesn’t. Early users will help shape the product into something that truly makes a difference. And if you find HomePhish valuable, please spread the word to friends, your PTA group, your podcast listeners – anyone who might benefit. I’m a big believer that we’re all in this fight together against scammers, and the more people we have on board, the safer everyone will be.

Writing this, I feel a mix of excitement and nerves. Launching a startup (again) is scary, especially when it’s tackling a problem this personal to me. But it also feels deeply rewarding to turn my concern into action. My promise to you is that I’ll keep this journey honest – highs and lows alike. This post is just the start of that conversation.

Thank you for reading and considering the security of your family. It means a lot to me. Let’s keep our loved ones safe online, before they become victims.

Stay safe out there,

– Rick Roane (proud founder of HomePhish, and always learning)