Just had a new phishing scam posing as aruba[dot]it. The email seems harmless at first, but it shows many red flags.
In the email it says:
"Dear Customer
Hello,
we inform you that the domain that resulted from this post account will expire on 10/26/2025 .
Dеѕіdеrіаmо rіsоrdаrе сhе, quаlоrа іl dоmіnіо nоn vеngа rіnnоvаtо еntrо tаlе dаtа, quеѕtі е all і ѕеrvіzі аѕѕоѕіаt, сѕѕоѕіаt сѕеѕlе lеѕlе roѕtа vеrrаnnо dіѕаttіvаtе е nо nrótrаnnо ріù еѕѕеrе utіlіzzаtе еr lіnvіо е lа rісеzіоnе.
Invoice No .: 123653914
Amount due : €4.37
Due date : 27/10/2025
----------------------------- -----------------------
Ruoі assedеrе аllа tuа аrеа slіеntі рr vіѕuаlіzzаrе е ragаrе lа fаtturа"
The English translation:
"We would like to remind you that, if the domain is not renewed by this date, this and all associated services will be deactivated and can no longer be used for sending and receiving."
The greeting is generic; a company will address you by your real name, being more formal. The email also has poor grammar.
Examples:
"risordare" should be "ricordare" (to remind).
"all i servizi" should be "tutti i servizi" (all the services).
"assosiat" should be "associati" (associated).
"nrótranno" should be "non potranno" (will not be able to). The "ró" character is not a correct Italian form.
"utіlіzzаtе" should be "utilizzati" to agree with the masculine plural noun "servizi."
"er linvio" should be "per l'invio" (for the sending).
The email also has a sense of urgency: it is telling me that the domain will "expire on 10/26/2025" and that it "will be deactivated" if not renewed by the following date, "Due date 27/10/2025". A classic scam tactic.
The button link "RINNOA IL DOMINIO" also reveals a phishing scam link: https://www[dot]progressiveketamine[dot]com/arubapanel/web/login[dot]php (please try not to click the link to open the address).
https://www.virustotal.com/gui/url/afb5642f72aeb755e9d1feaa7114eaa49ebfb4b73760fa178ba8edd4669e97b5?nocache=1
However, it is using real links on the guides and contact our support team:
https://www.virustotal.com/gui/url/2eaa53029cb5d5060ce478294936db3b1d09b57e11f81cddcefda90bc75e1bbe - https://www.virustotal.com/gui/url/6477f69d04d1ed969f2e32f7ba2da86decbf6145991da16d3afe12908d3b9667
The big identifier is the email.
The email is using a university email in Chile with the email ubo[dot]cl; this is not normal for any company to send, and I expect the university email is compromised.
Hope this helps you, Bitdefender, and I hope that the information I gave will end this scam for good.
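
An added example, not part of the original post: a small triage check for the two domain mismatches reported above (sender domain and button link versus the claimed brand aruba.it). It goes one step beyond the post by also flagging words that mix Latin letters with lookalike letters from another alphabet, as the quoted Italian paragraph appears to. The sender local part and the body fragment are constructed samples, and the function names are hypothetical.

```python
import unicodedata
from urllib.parse import urlsplit

BRAND_DOMAIN = "aruba.it"  # brand the email claims to come from (from the post)

def refang(value):
    """Turn the defanged form used in the post back into a parseable string."""
    return value.replace("[dot]", ".")

def host_matches_brand(host, brand=BRAND_DOMAIN):
    """True only for the brand domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def scripts(word):
    """Scripts of the alphabetic characters in a word, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in word if ch.isalpha()}

def mixed_script_words(text):
    """Words whose letters come from more than one script (homoglyph indicator)."""
    return [w for w in text.split() if len(scripts(w)) > 1]

def triage(sender, link, body):
    """Return the list of red flags found for one message."""
    findings = []
    sender_domain = refang(sender).rsplit("@", 1)[-1]
    if not host_matches_brand(sender_domain):
        findings.append("sender_domain_mismatch")
    link_host = urlsplit(refang(link)).hostname or ""
    if not host_matches_brand(link_host):
        findings.append("link_host_mismatch")
    if mixed_script_words(body):
        findings.append("mixed_script_text")
    return findings

# Constructed sample: local part "noreply" is an assumption; domain is from the post.
SENDER = "noreply@ubo[dot]cl"
# Button link exactly as defanged in the post.
LINK = "https://www[dot]progressiveketamine[dot]com/arubapanel/web/login[dot]php"
# Constructed fragment: "dominio" written with Cyrillic o (U+043E) and i (U+0456).
BODY = "il d\u043em\u0456n\u0456\u043e non viene rinnovato"

if __name__ == "__main__":
    for flag in triage(SENDER, LINK, BODY):
        print(flag)
```

The suffix comparison is deliberately strict: a host such as `aruba.it.example.com` contains the brand string but does not pass.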