A large-scale phishing campaign is actively targeting customers of the major Italian web services provider, Aruba S.p.A. The attackers are spoofing the company’s brand in an attempt to steal sensitive financial information through deceptive emails concerning domain renewals.

The fraudulent emails create a strong sense of urgency, falsely claiming that the recipient’s domain is about to expire. To increase their legitimacy, the messages incorporate Aruba’s official logo and branding, warning of imminent service suspension and potential data loss if immediate action is not taken.

Anatomy of the Aruba Phishing Campaign

The core of the scam is an email with an alarming subject line, such as “Renew your expiring domain,” designed to prompt an immediate response from the user. Inside the email, victims are instructed to click a link to a fraudulent renewal page. This webpage is a carefully crafted replica of Aruba’s official payment portal.

Once a user lands on this fake page and attempts to complete the ‘renewal,’ they are prompted to enter their credit card details. This information is then captured directly by the threat actors. The high-quality design of both the email and the fraudulent website makes it difficult for unsuspecting customers to identify the communication as a scam.

How to Identify and Avoid the Scam

There are several key indicators that can help users identify these fraudulent emails. The most critical element to check is the sender’s email address. The phishing messages originate from unofficial, suspicious-looking domains, not the official aruba.it domain used by the company. Users should also hover their mouse over any links before clicking to inspect the destination URL, which will point to a non-Aruba web address.

Aruba advises its customers to be cautious and to access their accounts by navigating directly to the official company website in their browser. Legitimate renewal processes are handled through the secure customer portal. Any email that pushes for immediate payment through a direct link should be treated with extreme suspicion and reported.

Source: https://www.techradar.com/pro/security/web-services-giant-aruba-spoofed-in-major-phishing-scam-heres-what-to-look-out-for-to-stay-safe