Just had a new phishing scam posing as aruba[dot]it. The email at first seems harmless at first, but the email shows many red flags.
in the email it says
"Dear Customer
Hello,
we inform you that the domain that resulted from this post account will expire on 10/26/2025 .
Dеѕіdеrіаmо rіsоrdаrе сhе, quаlоrа іl dоmіnіо nоn vеngа rіnnоvаtо еntrо tаlе dаtа, quеѕtі е all і ѕеrvіzі аѕѕоѕіаt, сѕѕоѕіаt сѕеѕlе lеѕlе roѕtа vеrrаnnо dіѕаttіvаtе е nо nrótrаnnо ріù еѕѕеrе utіlіzzаtе еr lіnvіо е lа rісеzіоnе.
Invoice No .: 123653914
Amount due : €4.37
Due date : 27/10/2025
----------------------------- -----------------------
Ruoі assedеrе аllа tuа аrеа slіеntі рr vіѕuаlіzzаrе е ragаrе lа fаtturа"
the english translation:
"We would like to remind you that, if the domain is not renewed by this date, this and all associated services will be deactivated and can no longer be used for sending and receiving."
The greeting is generic; companies address you by your real name and are more formal. The email also has poor grammar.
Examples
"risordare" should be "ricordare" (to remind).
"all i servizi" should be "tutti i servizi" (all the services).
"assosiat" should be "associati" (associated).
"nrótranno" should be "non potranno" (will not be able to). The "ró" character is not a correct Italian form.
"utіlіzzаtе" should be "utilizzati" to agree with the masculine plural noun "servizi."
"er linvio" should be "per l'invio" (for the sending).
The email creates a sense of urgency, stating the domain will "expire on 10/26/2025" and be "deactivated" if not renewed by "Due date 27/10/2025". A classic scam tactic.
The button link "RINNOA IL DOMINIO" reveals a phishing link: https://www[dot]progressiveketamine[dot]com/arubapanel/web/login[dot]php (please try not click the link to open the address.) it may seems harmless, but after check the link with virustotal. there were hits of phishing scripts embedded to the web address. Also the link is a redirect, this is a classic form for scammers to steal personal information from the victim.
However, real links for guides and contact support are prescient in the email, indicating the scammer/hacker was attempting to confused the victim: (I''ve only posted the virustotal links for this one)
The big identifier is the email from a university in Chile: ubo[dot]cl. This is not normal for any company; the university email is likely compromised.
Hope this helps you bitdefender and hope that the information i gave will end this scam for good.
