Web Services Giant Aruba Spoofed in Major Phishing Scam - Here's What to Look Out for to Stay Safe

Summary

Security firm Group‑IB uncovered a sophisticated, fully automated phishing framework that spoofs Aruba’s webmail login, using CAPTCHA filtering and Telegram bots to harvest credentials and payment data. The multi‑stage kit delivers phishing emails that mimic Aruba’s service‑expiry warnings, directing victims to cloned pages that relay login details to attackers via Telegram. Targeting Aruba’s 5.4 million Italian customers, the operation is designed for industrial‑scale credential theft and lowers the technical barrier for less‑skilled cybercriminals. Researchers warn that compromising a single account can expose hosted websites, domain controls, and email environments.