Threat actors are using Generative AI to carry out phishing attacks by impersonating government websites.

Cybercriminals have significantly advanced their phishing operations by leveraging generative artificial intelligence tools to create highly convincing replicas of government websites. A recent campaign targeting Brazilian citizens illustrates how threat actors exploit AI-powered platforms such as DeepSite AI and BlackBox AI to fabricate authentic-looking duplicates of official portals, specifically impersonating Brazil’s State Department of Traffic and Ministry of Education websites. This evolution in phishing tactics marks a shift from traditional phishing kits to more sophisticated, automated website replication techniques.

These malicious actors employ search engine optimisation poisoning strategies to artificially boost their fraudulent pages in search results, ensuring that victims encounter these deceptive sites while searching for legitimate government services. The primary attack vectors of the campaign include enhanced search rankings and potentially targeted email distribution, creating multiple pathways for victim engagement. Zscaler researchers identified this campaign through a thorough analysis of suspicious domains and source code, revealing distinctive signatures of AI-generated content. The financial impact, while centred on modest individual losses of approximately R$87.40 (around $16 AUD) per victim, accumulates to substantial illicit revenue generation across numerous victims.