BSides Joburg 2025

Whack A Phish
2025-07-26, Track 2

Phishing and its variants remain one of the most persistent threats in cybersecurity, yet the focus often stays on end-user awareness or reactive responses after people have already been scammed and had their money stolen. What if we could identify them before they reach our inbox or SMS? In this talk, I’ll share my hands-on journey of discovering and analyzing phishing links and websites in the wild — from following suspicious URLs to getting them taken down. I’ll also dive into how you can get ahead of phishing threats by using open-source tools, recognizing patterns, and applying investigative techniques. This isn’t just about the analysis — it’s about shifting the mindset from reactive defense to proactive discovery.


Phishing and its variants remain one of the most persistent threats in cybersecurity, yet much of the attention still focuses on user awareness or reactive responses after people have already been scammed and had their money stolen.
This talk aims to shift that perspective by exploring how phishing infrastructure can be identified, investigated, and reported before it causes harm. We'll look at real-world examples of phishing campaigns—how they're found, how their structure is analyzed, and the steps taken to bring them offline. Along the way, we'll highlight the common frustrations and challenges that arise during this process, including the difficulties of working with hosting providers and registrars.
From there, we’ll explore how we can move beyond reactive approaches and start identifying these threats earlier—before they reach the inbox or SMS. I will also discuss my own work in building a tool designed to detect phishing campaigns by monitoring domain registrations, leveraging OSINT sources, and analyzing passive data. Although the tool is in its infancy, I’ll share what the tool can currently do, how it works, and the direction I hope to take it with more development and collaboration.
As phishing tactics continue to evolve, it’s clear that we need stronger coordination between researchers, ISPs, registrars, and the wider security community. To close, I’ll pose a question to the audience: what more can we do—together—to make a meaningful impact? I invite your thoughts, questions, and participation in pushing this fight forward.