Phishing and its variants remain one of the most persistent threats in cybersecurity, yet much of the attention still focuses on user awareness or reactive responses after people have already been scammed and had their money stolen.
This talk aims to shift that perspective by exploring how phishing infrastructure can be identified, investigated, and reported before it causes harm. We'll look at real-world examples of phishing campaigns, how they're found, how their structure is analyzed, and the steps taken to bring them offline. Along the way, highlight the common frustrations and challenges that arise during this process, including the difficulties of working with hosting providers and registrars.
From there, explore how we can move beyond reactive approaches and start identifying these threats earlier, before they reach the inbox or SMS. I attempted to write a tool designed to detect potential phishing campaigns by monitoring domain registrations and analyzing it. This in itself has challenges. I have also tried to leverage other methods, and thus far it's still part of the research.
As phishing tactics continue to evolve, it’s clear that we need stronger coordination between researchers, ISPs, registrars, and the wider security community. To close, I’ll pose a question to the audience: what more can we do together to make a meaningful impact? I invite your thoughts, questions, and participation in pushing this fight forward.