24 Mar 2026
Electoral protection in Brazil

Elections increasingly attract cyber operations that target politicians, businesses and the public. These activities range from espionage campaigns against political parties, to influence operations seeking to shape opinions, sow discontent or undermine democratic processes.

This newsletter, published twice a month, provides an overview of key cyber incidents and emerging threats related to the upcoming October 2026 general elections in Brazil. It offers recommendations on how organizations and individuals can mitigate and protect against these threats.

Key incidents

In this issue we focus on:

Meta files lawsuit against Brazilian advertisers over celeb-bait scams

US technology company Meta said it was taking legal action to stop deceptive advertising on its platforms in Brazil, as well as China and Vietnam, according to cyber news outlet The Hacker News.

LATAM organizations targeted more than twice as often as those in the US

LATAM is now the most targeted region in the world for cyber threat actors, according to a report from cyber security company Check Point. The March 2026 report noted that LATAM organizations face an average of around 3,100 cyber threats a month, compared with US organizations facing just under 1,500.

53% year-over-year rise in weekly cyber attacks targeting LATAM, as of late 2025. 

(Source: Dark Reading, Check Point March 2026 report)

Researchers attributed the increased targeting to the relative immaturity of cyber security measures in the region, as well as uneven security investments and mixed IT environments.

Mitigation advice twice a month

  • Strengthen controls around digital advertising and brand impersonation. Review how your brand, executives and spokespersons could be misused in deceptive or scam advertising campaigns. Establish internal processes to rapidly detect and report fraudulent ads, impersonation attempts or unauthorized use of names, images or voice likenesses on major platforms.
  • Integrate election‑related disinformation scenarios into crisis management planning. Ensure coordination between cyber security, communications, legal and executive leadership when responding to politically sensitive incidents.
  • Enhance verification requirements for externally sourced content and communications. This helps reduce exposure to scams, social engineering and influence operations exploiting heightened political attention.
  • Tailor employee awareness. Go beyond generic security training by incorporating examples of scam advertising, celebrity impersonation and AI‑generated content relevant to the Brazilian political context. Emphasize how such tactics may target both individuals and organizations during periods of increased political polarization.
  • Subscribe to reputable threat intelligence services that provide timely updates on election-related cyber threats, including those targeting political parties, government agencies and private sector organizations. 
  • Establish clear external escalation and reporting pathways. Define when and how to engage regulators, platform providers, legal counsel, or law enforcement if the organization is impacted by election‑related cyber incidents, scam campaigns, or disinformation activity.

Meta files lawsuit against Brazilian advertisers over celeb-bait scams

  • 27 February 2026: As part of its action, Meta said it had blocked and disabled related website domain names and accounts and suspended the advertisers’ methods of payments. In addition, Meta announced it had issued cease and desist letters to eight marketing consultants who claimed the ability to bypass Meta’s ad policy enforcement mechanisms, according to The Hacker News.
  • Brazil-based Vitor Lourenço de Souza and Milena Luciani Sanchez are facing lawsuits for allegedly using manipulated images and voice recordings of celebrities to market fraudulent healthcare products. In addition, B&B Suplementos e Cosméticos Ltda. (Brites Corp), Brites Academia de Treinamento Ltda., and individuals Daniel de Brites Macieira Cordeiro and José Victor de Brites Chaves de Araújo are being sued for their alleged roles in a scheme that used fabricated images of a famous physician to promote unapproved healthcare products and to sell courses instructing others on how to carry out similar practices.
  • Implications: As with the use of deepfakes and false content – which have been prohibited in political and electoral campaigns by the Brazilian Supreme Court – such deceptive ads can be quite convincing and influential. It is likely that fake celebrity endorsements of candidates could also be a tactic of bad actors in the lead-up to the October 2026 elections.

LATAM organizations targeted more than twice as often as those in the US

Not only was the volume of attacks significantly higher in LATAM, but the method for initiating attacks and types of organizations targeted also differed significantly, according to the Check Point report. Malicious files were delivered via email approximately 74% of the time in LATAM, with phishing campaigns continuing to prove most impactful – especially those impersonating communications from financial or governmental institutions. In the US, by contrast, some 95% of malicious files were delivered via compromised websites and the like. 

Threat actors also seem to be focusing on different sectors in the region. For a number of months consecutively, healthcare has been the most targeted sector in LATAM, and in February 2026, it was targeted some 28% more than the next most targeted sector, which was education. Experts pointed to varying levels of maturity in the region, mixed IT environments and uneven security investments as the main impetus for targeting LATAM.

Focus on: The prevalence and impact of deceptive and scam advertising

Cyber security company Gen Digital conducted a 23-day study in February of 14.5 million ads running on Meta platforms and concluded that almost one in three (31%) pointed to a scam, phishing or malware link. 

According to Gen Digital: "In total, scam ads generated more than 300 million impressions in less than a month". The cyber security company also said: "The activity was highly concentrated, with just 10 advertisers responsible for over 56% of all observed scam ads. Repeated campaign clusters were traced to shared payment and infrastructure linked to China and Hong Kong, indicating organized, industrial-scale operations rather than isolated bad actors".

Scams also appear to combine malvertising and pig butchering techniques to defraud victims, by luring them into clicking on investment-themed ads and then redirecting them to engage directly with phony investment advisors or experts, according to The Hacker News.

  • What exactly is pig butchering? A pig butchering scam is an online fraud where scammers build trust through fake relationships before tricking victims into investing in fraudulent schemes, often involving cryptocurrency.

Electoral protection in Brazil: cybersecurity training and support

Register to receive these twice-monthly reports

Register here

You may also be interested in