A 0→1 product design project turning unstructured, employee-reported phishing emails into an evidence-backed triage system.
Overview
TYPE: SaaS Product Design
ROLE: Lead Product Designer
TOOL: Figma
SKILL: UI/UX Design, User Research, Data Visualization
Why build this product?

Traditional scanners miss real-world phishing threats, especially those reported by employees. Security teams lacked clarity on two questions: what made the email malicious, and was any action taken? Abuse Mailbox fills this gap—turning noisy reports into triage-ready intelligence with sender signals, malicious artifacts, and threat patterns, enabling faster, smarter responses.
Audience

SOC Analyst (Security Analyst / SecOps)
Goals:
01/ Triage emails efficiently
02/ Act on phishing threats with confidence
03/ Reduce investigation time
Pain points:
• Too many employee reports are noise
• Verdicts lack context
• No visibility into takedown status
Behaviors:
• Reviews forwarded emails
• Interprets headers, domains, NLP flags
• Triggers takedown or escalates threat
Tools: Email header tools, Defender, Jira, SOAR
Quote: “I need to know why this was marked malicious.”

Employee Reporter (Employee / End User)
Goals:
01/ Report suspicious emails quickly
02/ Be reassured their input is useful
Pain points:
• No feedback loop after forwarding
• Fear of false reports
• Doesn’t know what happens next
Behaviors:
• Forwards emails manually or via ‘Report’ button
• Flags anything that “feels wrong”
Tools: Outlook, Gmail, Bolster-integrated mail clients
Quote: “I don’t know if what I sent was actually useful.”

IT Admin (Email Admin / Security Lead)
Goals:
01/ Configure mailbox setup
02/ Integrate with Defender or O365
03/ Ensure enterprise coverage
Pain points:
• Setup process is complicated
• No unified view of threat surface or coverage gaps
Behaviors:
• Manages abuse@ inbox setup
• Oversees integration with mail security tools
Tools: Microsoft 365, Defender, email gateway
Quote: “I care about how many threats we blocked, not just scanned.”

Severity Matrix of Phishing Intents
DESIGN FOCUS
Simplified
Condense multiple data feeds and statuses into a unified view with clear hierarchy and minimal noise.
Evidence-Driven
Use visuals and proof elements (e.g., screenshots, detection details) to support decisions and justify actions.
Scalable
Design a flexible framework to accommodate future data sources, new threat types, and evolving workflows.
DESIGN APPROACH
Clear
Surface email threat data in a way that is instantly understandable for both technical and non-technical users.
Contextual
Highlight the origin, intent, and severity of suspicious emails with linked evidence and metadata.
Action-Oriented
Enable cross-team visibility and role-based workflows to streamline communication and resolution.
Vision
Design
Threat-Aware. Context-Rich. Scalable.
01 Threat Intelligence at a Glance
A modular overview built for real-time decision-making. Each widget distills unstructured email data into focused, actionable insight—from malicious URL trends and submission spikes to ROI estimates and financial exposure. Color-coded bars, radial summaries, and dynamic comparisons help SOC teams cut through noise and spot patterns instantly. The layout supports triage efficiency while reinforcing the trustworthiness of AI-generated insights.
02 Email as Evidence
A forensic-level workspace designed for security analysts. This view transforms a simple forwarded email into a structured threat dossier. Each submission expands into parsed components—URLs, attachments, domains, headers, and tone—paired with NLP-detected intents and verdicts. The interface enables contextual review and takedown action with minimal friction, making every report traceable and verifiable.