
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 1,620 of 2,445   
   Mike Powell to All   
   Hackers are now mimicking   
   12 Aug 25 09:10:35   
   
   TZUTC: -0500   
   MSGID: 1354.consprcy@1:2320/105 2d0086a5   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Hackers are now mimicking government websites using AI - everything you need   
   to know to stay safe   
      
   Date:   
   Mon, 11 Aug 2025 17:31:00 +0000   
      
   Description:   
   Threat actors replicated two Brazilian government sites using Deepsite AI,    
   and then phished information and stole money.   
      
   FULL STORY   
      
   Experts have warned hackers recently used a generative AI tool to replicate   
   several web pages belonging to the Brazilian government in an effort to steal   
   sensitive personal information and money.    
      
   The fake websites were examined by Zscaler ThreatLabz researchers, who   
   discovered multiple indicators of the use of AI to generate code.    
      
   The websites look almost identical to the official sites, with the hackers   
   using SEO poisoning to make the websites appear higher in search results, and   
   therefore seem more legitimate.   
      
   AI generated government websites    
      
   In the campaign examined by ThreatLabz, two websites were spotted mimicking
   important government portals. The first was for the State Department of
   Traffic's portal for applying for a driver's license.
      
   The two sites appear to be near-identical, with the only major difference
   being in the website's URL. The threat actor used govbrs[.]com as the URL
   prefix, mimicking the official URL in a way that would be easily overlooked
   by those visiting the site. The webpage was also boosted in search results
   using SEO poisoning, making it appear to be the legitimate site.
      
   Once on the site, the users are invited to enter their CPF number (a form of   
   personal identification number similar to an SSN), which the hacker would   
   authenticate using an API.    
      
   The victim would then fill out a web form asking for personal information    
   such as name and address, before being asked to schedule psychometric and   
   medical exams as part of the driving application.    
      
   The victim would then be prompted to use Pix, Brazil's instant payment system,
   to complete their application. The funds would go directly to the hacker's
   account.
      
   A second website based on the job board for the Brazilian Ministry of   
   Education lured applicants into handing over their CPF number and completing   
   payments to the hacker. This website used similar URL squatting techniques    
   and SEO poisoning to appear legitimate.    
      
   The user would apply to fake job listings, handing over personal information   
   before again being prompted to use the Pix payment system to complete their   
   application.    
      
   In ThreatLabz's technical analysis of both sites, much of the code showed signs
   of being generated by Deepsite AI using a prompt to copy the official
   website, such as TailwindCSS styling and highly structured code comments that
   state "In a real implementation".
      
   The CSS files of the website also include templated instructions on how to   
   reproduce the government sites.    
      
   The ThreatLabz blog concludes, "While these phishing campaigns are currently
   stealing relatively small amounts of money from victims, similar attacks can
   be used to cause far more damage. Organizations can reduce the risk by
   ensuring best practices along with deploying a Zero Trust architecture to
   minimize the attack surface."
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/hackers-are-now-mimicking-government-websites-using-ai-everything-you-need-to-know-to-stay-safe
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426   
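
A defender-side triage sketch for the two signals the story describes, a hostname that squeezes the official suffix into a lookalike label and page source carrying the generated-code markers. This is an added example, not code from the original post or from ThreatLabz. It assumes official Brazilian government sites sit under gov.br; the function names and the sample HTML are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: legitimate Brazilian government portals live under this suffix.
OFFICIAL_SUFFIX = "gov.br"

# Markers the article reports in the cloned pages' source.
MARKERS = {
    "placeholder_comment": re.compile(r"in a real implementation", re.I),
    "tailwindcss": re.compile(r"tailwind", re.I),
}

# Constructed sample resembling the described page source (not captured data).
SAMPLE_HTML = """<script src="https://cdn.tailwindcss.com"></script>
<!-- In a real implementation, this would call the backend API -->
<form><input name="cpf"></form>"""

def host_of(url):
    """Refang a defanged URL and return its lowercase hostname."""
    url = url.replace("[.]", ".")
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as the netloc
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_official(host):
    """True only for gov.br itself or a real subdomain of it."""
    return host == OFFICIAL_SUFFIX or host.endswith("." + OFFICIAL_SUFFIX)

def squats_official(host):
    """True when a non-official host still spells 'govbr' once dots/hyphens go."""
    if is_official(host):
        return False
    squeezed = OFFICIAL_SUFFIX.replace(".", "")
    return squeezed in host.replace(".", "").replace("-", "")

def triage(url, html):
    """Combine the hostname check with the source-marker scan."""
    host = host_of(url)
    hits = sorted(name for name, rx in MARKERS.items() if rx.search(html))
    return {"host": host, "official": is_official(host),
            "lookalike": squats_official(host), "markers": hits}

if __name__ == "__main__":
    print(triage("https://govbrs[.]com/", SAMPLE_HTML))
    print(triage("https://www.gov.br/", "<html></html>"))
```

The source markers on their own are weak evidence, since TailwindCSS and placeholder comments also appear in legitimate sites; they matter when combined with a hostname that fails the official-suffix check.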
      



(c) 1994,  bbs@darkrealms.ca