Attackers use AI (Generated websites) to create believable government phishing websites, tricking Brazilian users into giving personal data and paying via Pix.
The use of AI makes the phishing more sophisticated, but there are technical signs (in code) that research teams can identify—and defenders have mitigations.
The Symania Way:
Symania uses an authentication method with registered web sites only. to the Symania's system.
Symania’s method is phishing-resistant comparing to traditional password + OTP and also more secure than other authenticators setups because it doesn’t rely on secret strings of any kind, that attackers can steal; instead, it uses a human cognitive challenge by a “mental symbol” + real user interaction, which defines that the user is doing the authentication only in front of Symania.
When combined with Symania’s SSO option in which the user first registered to a central SSO service providers it makes this phishing scam impossible.
