The problem

Most of what users forward as “is this phishing?” turns out to be benign. The few real ones tend to get buried under the false positives, which slows real response down. I wanted a way to bring the actual threats to the top of the queue without telling users to stop reporting things.

How it works

  • Pulls forwarded suspicious emails into a single inbox.
  • Runs each one through a short list of open-source threat intel APIs.
  • Builds a risk score and posts a Phishing Incident Report card in Slack.
  • Lets analysts confirm, escalate, or dismiss the report inline.
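
An added illustration of the scoring stage (the second and third bullets), not the tool's own code: it parses a forwarded report, looks up each URL host against a stand-in for the threat-intel verdicts, adds a Reply-To/From domain mismatch heuristic, and returns the score and reasons a report card would carry. `INTEL_VERDICTS`, `WEIGHTS`, the thresholds and the sample message are constructed assumptions.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
# Constructed stand-in for threat-intel API verdicts (one per indicator);
# a real pipeline would query its intel sources here instead.
INTEL_VERDICTS = {"login-verify.example.net": "malicious",
                  "docs.example.org": "clean"}
WEIGHTS = {"malicious": 50, "suspicious": 20, "clean": 0, "unknown": 5}
# Constructed sample of a forwarded report (not a real message).
SAMPLE = b"""From: "IT Helpdesk" <helpdesk@corp.example.com>
Reply-To: support@mail-recovery.example.net
Subject: Fwd: Password expiry
Content-Type: text/plain

Your password expires today. Renew at https://login-verify.example.net/reset
Policy: https://docs.example.org/password-policy
"""

def header_domain(msg, name: str) -> str:
    """Domain part of an address header, or "" when the header is absent."""
    return (msg.get(name) or "").rsplit("@", 1)[-1].rstrip(">").strip().lower()

def extract_indicators(raw: bytes) -> dict:
    """Parse a forwarded report into the indicators worth looking up."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    hosts = {urlsplit(u).hostname for u in URL_RE.findall(text)}
    return {"hosts": sorted(h for h in hosts if h),
            "from": header_domain(msg, "From"),
            "reply_to": header_domain(msg, "Reply-To")}

def score_report(raw: bytes, lookup=INTEL_VERDICTS.get) -> dict:
    """Combine per-indicator verdicts and a header heuristic into a 0-100 score."""
    ind = extract_indicators(raw)
    score, reasons = 0, []
    for host in ind["hosts"]:
        verdict = lookup(host, "unknown")  # intel lookup per URL host
        score += WEIGHTS.get(verdict, WEIGHTS["unknown"])
        reasons.append(f"{host}: {verdict}")
    if ind["reply_to"] and ind["reply_to"] != ind["from"]:
        score += 15  # replies steered to a domain other than the sender's
        reasons.append(f"reply-to {ind['reply_to']} != from {ind['from']}")
    score = min(score, 100)
    level = "high" if score >= 50 else "medium" if score >= 20 else "low"
    return {"score": score, "level": level, "reasons": reasons}
```

Passing a different `lookup` callable swaps the stand-in verdicts for real intel queries without changing the scoring logic.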

What it changed

Triage on individual reports got a lot faster, the channel got noticeably quieter, and real incidents stopped getting lost behind the noise.