Imagine the scene: you're caught up in the daily rush, with a million things on your mind, and suddenly, boom, a message arrives on your WhatsApp. It's supposedly a summons from a notary's office, mentioning an outstanding issue with your income tax return. The worst part? The message includes your full name and CPF (Brazilian ID number). It sends a chill down your spine, doesn't it?
The first impulse is to click the link to resolve the issue quickly, fearing having your account blocked or getting into serious trouble with the tax authorities. But hold on! This message, which seems super official, is actually a very well-orchestrated phishing scam.
I, Alex Oliveira (CTO here at Lumiun), went through this and decided to dismantle this scam step by step to show you how criminals are operating and, most importantly, how you can protect your company and your team from this online tax fraud.
Watch the Video or Continue Reading!
If you'd prefer to see how the scam works in practice, watch the full video below. Alternatively, continue reading for all the details in writing!
What makes this scam so dangerous is the social engineering behind it. They use your real data to create a sense of urgency and trust.
- The Scary Message: It all starts with a message on WhatsApp or email, using your data to catch you off guard. The tone is urgent and pressures you to resolve the problem immediately.
  (Image: WhatsApp message)

- The Fake Consultation Page: By clicking the link, you are taken to a page that mimics the look of the Brazilian Federal Revenue Service website and asks for your CPF (Brazilian taxpayer ID number). They do this to validate the scam and make you think it's a real consultation system.
  (Image: Fake website of the Brazilian Federal Revenue Service)

- The Irresistible (and False) Offer: Next, an urgent notice about the debt appears and, of course, the "solution": pay now with a discount (in my case, it was R$ 138.00). The amount is usually small enough to seem plausible.
  (Image: Urgent message)

- The Pressure of the Stopwatch: To prevent you from having time to think, they throw you into an automated chat with a supposed "audit" and give you a very short deadline (like 10 minutes) for payment via Pix. The pressure is intense!
  (Image: Pix Key – Stopwatch)
3 Proofs That This Is a Federal Revenue Service Phishing Scam
In the rush of things, it's easy to fall for it. But if you stop for a second to analyze, the scam leaves traces. I did a thorough investigation and found three irrefutable pieces of evidence:
1. The Weird Domain: What Does Whois Reveal?
The first and easiest warning sign is in the website address. In my case, the address was something like situacaofiscal.is. The .is is the Icelandic domain!
Be aware: The Brazilian Federal Revenue Service and any other Brazilian government agency ONLY use the .gov.br domain. If it doesn't have .gov.br, it's definitely a scam.
Furthermore, a quick search on Whois (the "registry" for websites) shows that fraudulent domains have been registered for just a few days, while government websites have existed for years. New domain + foreign ending = Maximum Alert!
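The two checks above (the host must really be under .gov.br, and the domain must not be brand new) can be automated. The following is an added example, not code from Lumiun or from the original article; the 30-day threshold, the sample links other than situacaofiscal.is, and the WHOIS creation dates are constructed assumptions.

```python
from datetime import date
from urllib.parse import urlsplit

OFFICIAL_SUFFIX = "gov.br"  # the article's rule: government sites live under .gov.br
NEW_DOMAIN_DAYS = 30        # assumed cut-off for "newly registered"


def connect_host(url):
    """Host the browser really connects to (lowercased, no trailing dot)."""
    if "://" not in url:
        url = "https://" + url  # links pasted in messages often omit the scheme
    return (urlsplit(url).hostname or "").rstrip(".")


def is_official(host):
    """True only for gov.br itself or a real subdomain of it."""
    return host == OFFICIAL_SUFFIX or host.endswith("." + OFFICIAL_SUFFIX)


def assess(url, whois_created, today):
    """Return (host, reasons); an empty reasons list means no warning sign."""
    host = connect_host(url)
    reasons = []
    if not is_official(host):
        reasons.append("host is not under .gov.br")
        if "gov.br" in url.lower():
            # e.g. gov.br placed before an "@" or used as a leading label
            reasons.append("gov.br appears only as a decoy in the link")
    if whois_created is not None:
        age = (today - whois_created).days
        if age <= NEW_DOMAIN_DAYS:
            reasons.append(f"domain registered {age} days ago")
    return host, reasons


# Constructed samples: (link, WHOIS creation date, or None if not looked up).
TODAY = date(2025, 3, 20)
SAMPLES = [
    ("https://www.gov.br/receitafederal", None),
    ("https://situacaofiscal.is/consulta", date(2025, 3, 15)),
    ("https://www.gov.br@situacaofiscal.is/", date(2025, 3, 15)),
    ("gov.br.situacaofiscal.is/cpf", date(2025, 3, 15)),
    ("https://receita-gov.br.example/", None),
]

if __name__ == "__main__":
    for link, created in SAMPLES:
        print(link, "->", assess(link, created, TODAY))
```

The third and fourth samples show why the check must be made on the parsed host and not on the visible text of the link: both contain "gov.br" yet connect to the Icelandic domain.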
2. Where Does Pix Go? Registration Status and Street View
Pix is the ultimate tool in the scam. By copying the code and pasting it into the bank's app, the mystery is solved: the recipient is NOT the Federal Revenue Service. The money is going to the account of some private company that has nothing to do with the government.
To expose this once and for all, you can do two quick searches:
- CNPJ lookup: By taking the company's CNPJ (which appears in the bank's app) and consulting the registration status, you discover that it was opened very recently, often with a negligible amount of capital, just to carry out the scam.
  (Image: CNPJ lookup)

- Location on Google Street View: If you enter that company's address into Google Maps and use Street View, you'll see it's a random location, an abandoned house or a vacant lot. It's definitely not the headquarters of a company that processes official payments for the government.
  (Image: Street View – Google Maps)
3. Reclame Aqui Doesn't Lie
The ultimate proof that this is a mass scam is the search on Reclame Aqui (a Brazilian consumer complaint website). When searching for the company that would receive the Pix payment, you find several complaints from other people who fell for the exact same scam, mentioning the Federal Revenue Service and this Pix payment system.

How to Protect Your Team and Network from Phishing
The big problem is that, on a busy day, a scared employee isn't going to do all that investigation. He'll pay the R$138.00 to get it resolved quickly.
Training helps, of course, but you can't rely solely on individual attention. You need a protective barrier to prevent the problem from occurring.
That's where an internet access filter on your network comes in.
The Silent Solution: Lumiun DNS
Here at Lumiun, we use our own product, Lumiun DNS. It works like a digital gatekeeper, filtering out dangerous content before it reaches the user's screen.
In the Lumiun DNS panel, simply activate the Advanced Protection or Basic Protection. This list is constantly updated with phishing sites, fraud, and newly registered domains, exactly like situacaofiscal.is.

What happens in practice?
If your employee receives the link and clicks on it, the website won't even open. Lumiun DNS blocks access immediately and warns: "This website has been blocked by the protection filter."
The scam dies right there. The employee doesn't get scared, the company doesn't lose money, and the criminal is left empty-handed. The risk is nipped in the bud, without depending on anyone's attention.

Don't Rely Solely on Common Sense
Scams are becoming increasingly personal, using our real data to create pressure and fear. In today's fast-paced world, relying solely on common sense or antivirus software is no longer enough. You need a layer of network protection that filters out dangerous content before it reaches the user's screen.
If you want to have this peace of mind in your company and stop worrying about the next click, the solution is to have domain filtering.
Want to see the scam in action?
If you want to see the step-by-step process of how I exposed this scam, watch the full video on our YouTube channel!
To have Lumiun DNS protection in your company, create your account now, it's free!











