A dashboard redesign project for CheckPhish AI, transforming static scan data into a dynamic, self-serve experience that surfaces timely alerts and actionable insights to help security teams respond faster.
Overview
TYPE
SaaS Product Design
ROLE
Lead Product Designer
TOOL
Figma
SKILL
UI/UX Design, User Research, Data Visualization
project snapshot
Clarity Level: Low
Clarity Level: High
Technical-Only
Accessible
Static
Dynamic
Fragmented
Connected
Black Box
Transparent
DESIGN FOCUS
Current
Target
Affinity mapping
Was this always malicious? Or did it turn malicious later?
If something changes, I want a timeline or a before/after view.
I need to explain to my manager what changed not just the current status.
It’s hard to convince someone to act when the tool just says ‘suspicious’ with no reason.
Clients ask what changed right now, I have no answer.
When I escalate internally, people ask for evidence. Without clear details, I lose credibility.
No one replies to abuse@ inboxes unless I escalate it manually.
I have to screenshot everything and send manual emails.
We almost lost $900K from a spoofed domain—it took too long to get it taken down.
A clean scan means nothing to me without proof.
I don’t understand why this is considered malicious.
You need to show me what triggered the verdict.
user persona
Design
Focused. Transparent. Actionable.
01
Dashboard Overview
Revamped the dashboard header with high-level summaries and visual health meters to give users an immediate sense of platform activity. Big-number highlights and color-coded trends help teams quickly grasp the state of domain threats.
02
Before
Previously, the dashboard offered only basic data with no context. There were no indicators of change, urgency, or next steps—resulting in poor usability and low engagement from teams who needed more than just raw scan results.
03
Alert Center
Built an actionable Alert Center where users can view, manage, and resolve alerts with full context. Changes are surfaced in real time, with clear explanations of what changed, when, and why. This supports better decision-making and reduces guesswork.
04
Actionable Card
Inspired by mobile fintech UI patterns, these redesigned alert cards use motion and color to emphasize severity and urgency. They combine scannable summaries with direct actions like resolve, snooze, or tag—making alert handling both efficient and enjoyable.
05
Change Tracker Table
Users needed to know what changed and why. This table breaks down key updates like verdict flips, co-scans, takedown progress, and DNS changes—giving teams confidence in the system’s reliability and helping them act faster.
06
Notification System
Designed a real-time notification panel that keeps users informed of meaningful changes—such as scan verdict updates, DNS record shifts, and peer activity (e.g., number of co-scanners). Each message is contextual, concise, and actionable, helping users stay updated without digging through logs. The system also integrates social signals (e.g., community replies) to strengthen collaboration.
07
Security Management Tools
Beyond alerts, users needed workflow tools. We added support for tagging, bulk actions, notes, and resolution tracking. This helps security teams organize their findings and manage response across large domain sets with greater efficiency.
08
Community Forum
Designed a dedicated space where users can ask questions, share threat insights, and learn from peers. The forum is organized by relevant topics like registrars, phishing kits, and social media takedowns—making it easy to find help and stay updated on phishing trends.