GenAI Used For Phishing Websites Impersonating Brazil’s Government
Key Takeaways
Threat actors are leveraging generative AI tools like DeepSite AI and BlackBox AI to produce phishing templates that closely mimic official government websites, such as those of the Brazilian State Department of Traffic and Ministry of Education.
Threat actors artificially enhance the visibility of phishing pages using SEO poisoning techniques, increasing the likelihood that a victim visits the fraudulent site.
Source code analysis reveals signatures of generative AI tools, such as overly explanatory comments meant to guide developers, non-functional elements that would typically work on an authentic website, and trends like TailwindCSS styling, which differs from what is seen in the traditional phishing kits used by threat actors.
The phishing pages use forms to collect sensitive personal data, such as the victim's Cadastro de Pessoas Físicas (CPF) number (the Brazilian taxpayer identification number) and address, and validate that data to build trust and credibility with the victim.
The ultimate goal of these campaigns is to trick victims into sending a one-time payment to the threat actors via Pix, a popular payment platform in Brazil.
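The source-code signatures listed above (explanatory comments, non-functional elements, TailwindCSS styling, a CPF collection form) can be combined into a first-pass triage check for suspected pages. This is an added example, not code from the Zscaler article; the regex, thresholds, attribute names and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Tailwind colour-scale utilities such as "bg-blue-600" or "hover:text-gray-700".
TAILWIND = re.compile(r"^(?:[a-z]+:)?(?:bg|text|border|ring)-[a-z]+-\d{2,3}$")

class PageSignals(HTMLParser):
    def __init__(self):
        super().__init__()
        self.comments, self.tailwind, self.links, self.dead = [], 0, 0, 0
        self.cpf_field = False

    def handle_comment(self, data):
        self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        self.tailwind += sum(1 for c in a.get("class", "").split() if TAILWIND.match(c))
        if tag == "script" and "tailwind" in a.get("src", "").lower():
            self.tailwind += 3  # framework loaded from a CDN script tag
        if tag == "a":
            self.links += 1
            # Placeholder hrefs: navigation that looks real but goes nowhere.
            self.dead += a.get("href", "").strip() in ("", "#")
        if tag == "input" and "cpf" in (a.get("name", "") + a.get("id", "")).lower():
            self.cpf_field = True

def triage(html):
    """Return the signals present in one page; thresholds are assumed values."""
    p = PageSignals()
    p.feed(html)
    p.close()
    return {
        "explanatory_comments": sum(len(c.split()) >= 6 for c in p.comments) >= 2,
        "tailwind_styling": p.tailwind >= 3,
        "dead_navigation": p.links >= 2 and p.dead / p.links >= 0.5,
        "cpf_form": p.cpf_field,
    }

# Constructed sample page, not taken from the campaign.
SAMPLE = """<html><head><script src="https://cdn.tailwindcss.com"></script></head><body>
<!-- Header section: this contains the logo and the main navigation menu -->
<nav><a href="#" class="text-gray-700 hover:text-blue-600">Consultar</a>
<a href="#">Contato</a></nav>
<!-- Form section: here the user enters the CPF number to continue -->
<form><input name="cpf" class="border-gray-300"><button class="bg-blue-600">OK</button></form>
</body></html>"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

No single signal is conclusive, since legitimate sites also use TailwindCSS and CPF fields; the value is in the combination, checked alongside the hosting domain.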
To read the complete article, see: Zscaler Blog