Unauthorized cyber actors employing AI techniques to mimic government sites: Critical insights for safeguarding your digital security
In a concerning development, hackers have been using generative AI to create highly convincing replicas of official Brazilian government portals, including the State Department of Traffic’s driver’s license application portal and the Ministry of Education’s job board.
These fake sites, built using platforms like DeepSite AI and BlackBox AI, mimic government services with authentic-looking website code, text, and images. Hackers employ SEO poisoning to boost their ranking in search engine results, making it more likely for unsuspecting users to stumble upon these fraudulent sites instead of the legitimate ones.
The replicated websites, such as those for the State Department of Traffic's portal for applying for a driver's license, often use URLs very similar to official government domains (e.g., ) to trick users visually into thinking they are on an authentic site. Victims are lured to these sites and tricked into submitting personal information or making payments through Brazil’s Pix instant payment system, incurring financial losses averaging about R$87.40 (~$16 USD) per victim.
Users applying to fake job listings on the education ministry's replica were prompted to use the Pix payment system to complete their application. In addition, they were asked to provide personal information such as name and address, and even scheduled psychometric and medical exams as part of the driving application.
The code of both replicated websites showed signs of being generated by Deepsite AI, with TailwindCSS styling and structured code comments indicating a real implementation. This represents an evolution from traditional phishing kits, enabling more automated, scalable, and sophisticated social engineering attacks targeting government digital services.
However, it's important to note that there are several identity theft protection tools available for users, as well as top-performing password managers currently on the market. Organizations can reduce the risk of such attacks by ensuring best practices and deploying a Zero Trust architecture to minimize the attack surface.
The ThreatLabz blog warns that while the current phishing campaigns are stealing relatively small amounts of money, similar attacks can cause more damage. They urge users to remain vigilant and to double-check the authenticity of websites before entering any sensitive information or making payments.
