Criminals follow the masses. And the masses are largely undefended.
In a country where digital life has flourished faster than digital wisdom, Brazil now absorbs 553 million phishing attempts each year — more than two every second — while 28 million of its citizens fell victim to Pix fraud in 2025 alone. The asymmetry between technological adoption and security literacy has made Brazil the continent's most targeted nation, a condition that artificial intelligence is now exploiting with unprecedented precision. Into this breach, the Federal Institute IFSULDEMINAS has opened 150 free places in an online course on internet security fundamentals, a modest but deliberate act of civic education aimed at the everyday users — teachers, public servants, retirees — who stand most exposed.
- Brazil absorbs over 1.5 million phishing attempts daily, and AI-powered campaigns surged 1,265% in 2026, making even cautious users vulnerable to messages that look entirely legitimate.
- Deepfake technology can now clone a person's voice from fifteen seconds of audio, enabling fraudsters to stage fake emergency calls and fabricated videos of public figures to extract money and personal data.
- 28 million Brazilians lost money to Pix fraud in 2025, with the majority of victims over fifty — a generation that adopted digital payments without ever receiving formal guidance on how to use them safely.
- IFSULDEMINAS is offering 150 free spots in a 30-hour online course targeting not IT professionals, but ordinary citizens whose daily work depends on digital tools they were never trained to protect.
- The stakes extend beyond individuals: a single phishing click by a government employee led to the theft of 15 million reais from Brazil's federal financial system, illustrating how personal vulnerability becomes institutional catastrophe.
Brazil's relationship with digital technology is one of genuine enthusiasm — 175 million connected citizens using Pix transfers, banking apps, and social media as natural extensions of daily life. But that enthusiasm has outrun education, and criminals have noticed. In the past year alone, 553 million phishing attempts landed in Brazil, accounting for 43 percent of all such attacks across Latin America. More than 28 million Brazilians fell victim to Pix-related fraud in 2025, and over half of them were older than fifty.
The threat has grown more sophisticated in 2026. Artificial intelligence has rendered the old warning signs — typos, suspicious links, unknown senders — nearly obsolete. Fraudsters now craft personalized messages using data harvested from breaches: the victim's name, bank, city, purchase history. AI-powered phishing campaigns grew by 1,265 percent this year. Deepfakes compounded the danger further, with manipulated audio and video rising 830 percent between 2024 and 2025. A voice can now be cloned from fifteen seconds of public audio — enough to simulate a family emergency and request an urgent Pix transfer.
The consequences reach beyond individual loss. A phishing attack on a single government employee led to the theft of 15 million reais from SIAFI, Brazil's federal financial system. Teachers and public servants have become priority targets precisely because they use digital tools intensively without having received security training — one vulnerable person can expose an entire institution.
In response, IFSULDEMINAS — the Federal Institute of Education, Science and Technology of Southern Minas Gerais — has opened 150 free spots in a 30-hour online course called Internet Security Fundamentals, with enrollment closing June 7, 2026. The course is not designed for specialists. It is built for anyone whose daily life now runs through a screen: how to recognize phishing, manage passwords, enable two-factor authentication, and understand what it means to be a responsible digital citizen. It is a small intervention against an enormous problem — but in a country where the gap between digital adoption and digital awareness has become a national vulnerability, it is also a necessary one.
Brazil is under siege from digital fraud at a scale that has become almost abstract in its enormity. In the span of a single year, the country's internet users faced 553 million phishing attacks—an average of 1.5 million attempts per day, more than two every second. The numbers come from Kaspersky's 2025 Cyber Threats Report, and they tell a story that extends far beyond statistics: 28 million Brazilians fell victim to Pix fraud alone in 2025, with more than half of them over fifty years old.
What makes Brazil such a lucrative target is a particular kind of vulnerability—not ignorance, but asymmetry. The country has embraced digital technology with genuine enthusiasm. Pix transfers, banking apps, social media, online shopping: these are woven into daily life for 175 million connected Brazilians. But that adoption has outpaced education. People use these tools constantly, often for work, yet most have never received formal training in how to protect themselves. A Kaspersky analyst put it plainly: criminals follow the masses. And the masses, in Brazil, are largely undefended.
The problem has accelerated dramatically in 2026. Artificial intelligence has fundamentally changed what a phishing attack looks like. The old advice—watch for typos, suspicious links, unknown senders—still applies, but it has become almost quaint. AI-powered phishing campaigns grew by more than 1,265 percent this year, according to Vantico. Fraudsters now have access to tools that personalize every message: they know the victim's name, city, bank, and purchase history, all harvested from data breaches. The result reads like a legitimate communication from start to finish.
Deepfakes have added another dimension of danger. Videos and audio recordings manipulated by AI grew 830 percent between 2024 and 2025, according to Brazil's Federal Police. The technology has become precise enough to clone someone's voice from just fifteen seconds of public audio—enough to stage a fake emergency call asking for a Pix transfer. Fabricated videos of known journalists, government officials, and religious figures now circulate online, all created by AI, all announcing false financial promotions or system changes designed to trick people into revealing information or moving money.
In response, the Federal Institute of Education, Science and Technology of Southern Minas Gerais—IFSULDEMINAS—has opened 150 free spots in a course called Internet Security Fundamentals. Enrollment runs through June 7, 2026. The course is not aimed at IT specialists or technical professionals. It is designed for anyone who uses the internet: teachers, public servants, retirees, office workers, anyone whose daily life now involves digital tools but who has never received formal instruction in how to use them safely.
The course spans thirty hours, delivered entirely online, and covers the foundations that actually matter. Participants will learn the three pillars of information security—confidentiality, integrity, availability—and how to identify the threats that target them: phishing, malware, data breaches, virtual fraud. They will learn how to navigate safely, manage passwords securely, use two-factor authentication, and understand their responsibilities as digital citizens. The IFSULDEMINAS certificate carries weight; it signals completion of a structured program, not just casual reading.
The urgency is real. Teachers and public servants have become priority targets for criminals, not because they are careless with technology, but because they use it intensely without having received security training. A single employee who clicks a malicious link can expose an entire institution. In one case that Kaspersky highlighted, a phishing attack on a government worker led to the theft of 15 million reais from SIAFI, Brazil's federal financial system. One click. One person. Millions gone.
Brazil accounts for 43 percent of all phishing attacks in Latin America—out of 1.29 billion attempts across the region, 553 million landed in Brazil. That represents an 80 percent increase from the previous year. The country has become the continent's primary target because the conditions are perfect: widespread digital adoption, low security literacy, and a population that has learned to trust digital tools without learning to question them. The free course is an attempt to shift that equation, to build a foundation of awareness that might help people recognize danger before they become victims.
Notable Quotes
The criminal follows where the masses are— Kaspersky cybersecurity analyst
A single employee who clicks a malicious link can expose an entire institution— Kaspersky case analysis of SIAFI breach
The Hearth Conversation Another angle on the story
Why is Brazil specifically such a target? It's not the only country with high internet adoption.
It's the gap between adoption and education. Brazilians use digital tools constantly—banking, shopping, work—but most never learned how to protect themselves. Criminals follow where the money and the vulnerability intersect.
The AI numbers are striking. 1,265 percent growth in AI-powered phishing. What does that actually change about how an attack works?
It eliminates the old tells. A phishing email used to have typos, generic greetings, suspicious links. Now AI personalizes everything—knows your name, your bank, what you bought last month. It reads like it came from someone you trust.
And the deepfakes—cloning a voice from fifteen seconds of audio seems almost impossible.
It's not anymore. Someone can take a clip from a public video or social media and use it to call you pretending to be a family member in an emergency, asking for a Pix transfer. The voice sounds exactly right.
So the course is trying to teach people to be skeptical again, but in a world where skepticism is harder to justify?
Exactly. It's teaching the fundamentals—how to think about security, not just memorize rules. Because the rules keep changing, but the principles don't.
Who are the people most at risk right now?
Older Brazilians, especially. Fifty-three percent of Pix fraud victims in 2025 were over fifty. But also teachers and government workers—people who use the internet constantly for their jobs but never got formal training in how to stay safe.
And one person clicking a wrong link can cost millions, as happened with that government system?
Yes. That's why this course exists. It's not about making everyone a security expert. It's about building a baseline of awareness so people understand what they're protecting and why it matters.