Web services giant Aruba spoofed in major phishing scam - here's what to look out for to stay safe

• Cybercriminals spoofed Aruba using a stealthy, automated phishing framework with CAPTCHA and Telegram bots
• Phishing pages mimicked Aruba’s webmail portal, stealing credentials via fake service alerts
• Aruba’s large user base made it a high-value target for industrial-scale credential theft

Security researchers Group-IB have published details of a new scam targeting Aruba users which turned out to be a part of a “sophisticated phishing framework”.

The team found cybercriminals had created a “fully automated, multi-stage platform” providing both efficiency and stealth, employing CAPTCHA filtering to evade security scans, pre-fills victim data to increase credibility, and uses Telegram bots to exfiltrate stolen credentials and payment information.

The goal of the phishing kit is to achieve “industrial-scale credential theft”, Group-IB said, adding that it “drastically lowers” the technical barrier to entry, and enables less skilled actors to launch convincing campaigns at scale, and virtually overnight.