Systems, methods, and media are used to identify phishing attacks. A notification of a phishing attempt with a parameter associated with a recipient of the phishing attempt is received at a security management node. In response, an indication of the phishing attempt is presented in a phishing attempt search interface. The reported phishing attempts may be aggregated based upon specified criteria to avoid redundant incidents that may hinder remediation efforts.