Brazilian criminal groups are weaponizing artificial intelligence (AI) to promote high-tech fiscal fraud and taking advantage of the gaps in the rapidly growing digital ecosystem as banks, lawmakers and police to challenging them.
Cybercrime losses reached an estimated $54 billion in 2024, even as street crime fell and Brazil's murder rates fell by 10 years, according to the global anti-SCAM alliance.
reference: Technology is increasingly at the heart of Brazil's crime operations
Connectivity is driving a surge in connectivity. With 86% of Brazilians online, around 217 million smartphone connectivity, 75% of banking transactions on mobile devices and over 70% registered on Gov.BR, Brazil's national digital identity platform, the country has become Goldmine of Cyber Criminal.
Insight Crime highlights three recent cases where Brazil's extensive connectivity and AI tools allow cybercriminals to perform increasingly sophisticated and advantageous operations.
Rio Ghost Rider
In August 2025, Rio de Janeiro police dismantled the scam ring behind nearly 2,000 fake Uber trips. The group used AI-generated images to bypass identity checks, created dozens of fake drivers and passenger accounts, and bypassed Uber's verification system.
Once the account was activated, the scammers manually booked long rides with extra stops to inflate the fare. The Ghost “Rider” canceled his account before the payment was processed, and Uber made him pay the “Driver.” The stolen funds were then leaked through Pix, an instant payment system used by over 182 million Brazilians, and quickly spread across multiple accounts at least initially to avoid detection.
PIX processes over 6 billion transactions per month. It will outweigh the credit card and debit card. That speed allows fraudsters to siphon up the funds before banks and investigators can respond, making it extremely difficult to recover assets.
reference: Brazilian Red Command has turned Turf Control into a Monopoly on the Rider
Uber finally revealed the scheme. The company told Insight Crime that the anti-Fraud team flagged its activities, warned authorities and is currently working with the Rio Police Department. Gilherme Geiros, a criminal lawyer specializing in cybercrime, says Brazilian authorities had limited options without Uber's cooperation. “It's the responsibility of companies like Uber and you need to know how you can operate their platform… [only they have] “The ability to detect and prevent such fraud,” he said.
The scale of the operation became clear after Rio Police launched an investigation. A complete restructuring of the transaction later revealed that one suspect had moved $136,000 in just four months.
Deepfake Doctor
Riding scams are just one aspect of a wider shift. Brazilian crime groups use AI-generated deepfakes to build synthetic identities, circumvent biometric protection measures in banking and government systems, and enable large-scale digital robberies.
The threat created headlines in August 2025 when authorities closed down a small, sophisticated network operating in Sao Paulo, Espirito Santo and Para. Those arrested included a 44-year-old Sao Paulo man convicted of previous fraud that forged documents and moved stolen funds. Para, 20 years old, harvested sensitive data with WhatsApp bots. And Espirito Santo's 29-year-old document forger.
The group targeted the doctors of Rio Grande Do Sul. After breaching their Gov.Br account, they recruited Lookalikes for photos and created fake IDs that could use AI to digitally modify the images and bypass facial recognition protection measures.
reference: Scam groups use deepfakes to enhance imitation scams in Peru
The IDs were then often used to open up highlands for businesses, opening accounts to wash out unfair funds, and pouring small quantities conservatively through multiple accounts and PIX platforms to avoid detection.
Brazil's LAX Digital Banking, Customer (KYC) and Money Laundering Anti-Money Laundering Rules combined with slow court procedures to access transaction data, scammers moved cash in hours, and investigators spent months trying to track it down, Gueiros told Insight Crime.
These systematic gaps led to immediate losses for the victims. Investigators confirmed that the fraudster tried to divert around $130,000. The scheme was only revealed when the doctor reported that his government account had been hacked.
Next Level of Fishing
Deepfake identity fraud is on the rise in Brazil, but phishing remains the main way cybercriminals use to access their accounts and devices. One of the oldest digital fraud tactics dating back to the mid-1990s is that phishing works by sending deceptive messages via email, text, or other channels with malicious links and attachments. Spoofing as a trusted entity, criminals trick the victim into installing malware that steals personal or financial data. It is often the first step in a larger cyberattack.
Phishing is amplified by AI to create more persuasive fake websites, automate mass distribution, accelerate content changes, manipulate search results, and overwhelm traditional takedown efforts.
A Brazilian group known as “pineapple” used AI to escalate its phishing campaign. Using cloud platforms and spoofing of AI-assisted sites, the group has created a compelling clone of the official website. In 2024, it simulated Brazilian tax authorities, directed victims to fake portals that harvested personal data when they tried to deliver malware and download tax forms.
reference: The threat of global malware born in Brazil
In 2025, an unidentified group moved into a completely AI-driven phishing attack, using generation tools such as DeepSite AI and Blackbox AI to create surreal websites for the Brazilian Transportation Department and Ministry of Education. They manipulated search engine optimization (SEO) techniques, embedding keywords and metadata, and secured malicious sites ranked at the top of users' searches.
The victim was then invited to submit personal data, including individual taxpayer registration (Cadastro de Pessoas físicas, CPF) numbers, and was urged to pay a “fee” of about $16 via Pix. Although individual losses were low, the campaign targets around 10,000 people and could win $160,000 on illegal profits. Beyond the victims of fraud, fraud compromised sensitive government and banking systems.
No arrests have been reported so far, indicating how quickly AI-driven fraud can outperform Brazil's cybercrime institutions. In fact, Zscaler Threatlabz's US-based analysts have detected the scheme, not Brazilian officials.
AI enhances phishing by promoting social engineering. It drives people to reveal sensitive information, Gueiros said. “AI is primarily used to fool people and to make them believe something is real when they don't,” he explains, allowing criminals to collect data and push victims into dangerous behavior. It's faster and more cost-effective than a compromised system.
However, AI tools are not the core issue. Phishing still acquires human vulnerability. New cybercrime tactics training authorities can help with the investigation, Gueiros said, but “preventing fraud ultimately depends on improving digital literacy and educating the public to recognize and resist these frauds.”
Featured Image: A snapshot of a fake face generated by a doctor's AI, based on Lookalikes adopted by a criminal group in Rio Grande Dur. Credit: RBS TV
