Phishing and its variants remain one of the most persistent threats in cybersecurity, yet the focus often stays on end-user awareness or reactive responses after people have already been scammed and had their money stolen. What if we could identify them before they reach our inbox or SMS. In this talk, I’ll share my hands-on journey of discovering and analyzing phishing links and websites in the wild, from following suspicious URLs to getting them taken down. I’ll also dive into how you can get ahead of phishing threats by using open-source tools, recognizing patterns, and applying investigative techniques. This isn’t just about the analysis, it’s about shifting the mindset from reactive defense to proactive discovery.