conducting-phishing-incident-response

Installation
SKILL.md

Conducting Phishing Incident Response

When to Use

  • A user reports receiving a suspicious email via the phishing report button or abuse mailbox
  • Email gateway detects a malicious email that bypassed initial filtering
  • Threat intelligence indicates an active phishing campaign targeting the organization
  • A user confirms they clicked a link or opened an attachment from a suspicious email
  • Credentials have been entered on a suspected phishing page

Do not use for business email compromise (BEC) involving compromised internal accounts; use BEC response procedures which focus on account takeover investigation.

Prerequisites

Installs
101
GitHub Stars
24.2K
First Seen
Mar 15, 2026
conducting-phishing-incident-response — mukul975/anthropic-cybersecurity-skills