TZUTC: -0500
MSGID: 1354.consprcy@1:2320/105 2d0086a5
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Hackers are now mimicking government websites using AI - everything you need
to know to stay safe

Date:
Mon, 11 Aug 2025 17:31:00 +0000

Description:
Threat actors replicated two Brazilian government sites using Deepsite AI, 
and then phished information and stole money.

FULL STORY

Experts have warned hackers recently used a generative AI tool to replicate
several web pages belonging to the Brazilian government in an effort to steal
sensitive personal information and money. 

The fake websites were examined by Zscaler ThreatLabz researchers, who
discovered multiple indicators of the use of AI to generate code. 

The websites look almost identical to the official sites, with the hackers
using SEO poisoning to make the websites appear higher in search results, and
therefore seem more legitimate.

AI generated government websites 

In the campaign examined by ThreatLabz, two websites were spotted mimicking
important government portals. The first was for the State Department of
Traffics portal for applying for a drivers license.

The two sites appear to be near-identical, with the only major difference
being in the websites URL. The threat actor used govbrs[.]com as the URL
prefix, mimicking the official URL in a way that would be easily overlooked 
by those visiting the site. The webpage was also boosted in search results
using SEO poisoning, making it appear to be the legitimate site. 

Once on the site, the users are invited to enter their CPF number (a form of
personal identification number similar to an SSN), which the hacker would
authenticate using an API. 

The victim would then fill out a web form asking for personal information 
such as name and address, before being asked to schedule psychometric and
medical exams as part of the driving application. 

The victim would then be prompted to use Pix, Brazils instant payment system,
to complete their application. The funds would go directly to the hackers
account. 

A second website based on the job board for the Brazilian Ministry of
Education lured applicants into handing over their CPF number and completing
payments to the hacker. This website used similar URL squatting techniques 
and SEO poisoning to appear legitimate. 

The user would apply to fake job listings, handing over personal information
before again being prompted to use the Pix payment system to complete their
application. 

In ThreatLabz technical analysis of both sites, much of the code showed signs
of being generated by Deepsite AI using a prompt to copy the official 
website, such as TailwindCSS styling and highly structured code comments that
state In a real implementation 

The CSS files of the website also include templated instructions on how to
reproduce the government sites. 

The ThreatLabz blog concludes, While these phishing campaigns are currently
stealing relatively small amounts of money from victims, similar attacks can
be used to cause far more damage. Organizations can reduce the risk by
ensuring best practices along with deploying a Zero Trust architecture to
minimize the attack surface.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/hackers-are-now-mimicking-government-we
bsites-using-ai-everything-you-need-to-know-to-stay-safe

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30
SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426