How does online fraud happen?
Online scams are on the rise, often involving fraudulent access, stolen credentials, and payments to fake companies or organizations.
Most scams use emails or SMS messages that appear to come from trusted sources, such as banks, companies, or public institutions.
This type of fraud is known as phishing—a deceptive tactic where scammers impersonate legitimate entities to steal information. It operates insidiously and can be difficult to detect, especially if you’re unfamiliar with their methods.
However, phishing attempts share common warning signs that can help you identify fraudulent messages and protect yourself.
Recognizing a phishing email is the first step in defending yourself against online scams.
The alarm bells that ought to go off if something’s not right
Emails that create urgency or anxiety
Phishing emails often try to pressure you into acting quickly by triggering fear, urgency, or excitement. Be cautious if you receive messages like:
- A service is about to expire
- A warning about a missed payment
- A bank account is being closed
- You’ve won a prize
Be wary of messages where even the subject line includes exclamation marks, words in capitals, an urgent invitation or even an order to take action.
Emails asking for personal details or payments
Phishing emails almost always contain an invitation to act and, in most cases, request sensitive information such as passwords, usernames, bank account details or even credit card numbers.
Remember: no banking institution, company or manager will ask for sensitive data in an email, so watch out if this happens.
Emails containing mistakes
Although the content and form of phishing emails are increasingly accurate, they often contain grammatical, spelling or syntax errors that might arouse suspicion.
A strange tone in the wording and the form of the email is enough to trigger alarm bells.
Unexpected emails
Be cautious of emails asking you to confirm payments, renew services, or claim prizes—especially if you weren’t expecting them.
Scammers often predict what might interest you but can’t time their messages perfectly. If something seems off, always verify with a trusted source before taking action.
A phone call to your bank or the company that actually provides the service or checking your online account might be enough to put your mind at ease.
Emails with suspicious or unexpected attachments
If an unexpected email includes an attachment, be extra cautious—it could contain malware or a virus.
Never download or open attachments from unknown sources, especially if they have extensions like .exe, .vsb, .js, or .bat.
Phishers often use fraudulent email attachments to send malware or viruses, a phenomenon known as "malspam".
Emails sent from an unknown real sender
Even if an email looks like it’s from someone you know, always check the email header to verify the sender’s authenticity.
To do this, open the message and check the sender’s details—most email clients provide an option to expand sender information.
Need help? Learn how to view the details in your email provider.
Remember to check who the real sender of the email is: if you don't recognize them, it could well be a phishing email.
Emails with suspicious links and addresses
Phishing emails often contain buttons or links leading to fake websites designed to look like legitimate ones. These fraudulent pages trick you into entering personal details, which scammers then steal.
To check if a link is safe, hover over the link (without clicking) to preview the actual web address. The full URL will appear near the cursor or at the bottom of your screen.
Look closely at the domain name, for example: https://www.websitename.ext/pagename. Always be usre to verify the websitename.ext part—scammers often use similar-looking names to impersonate trusted companies.
Received a suspicious email? Here’s what to do next
Check your online account
Especially if the email you received concerns a payment that has been denied, renewing a service or incorrect invoices, before you click on anything in the email or follow any instructions, sign in to your account to check your orders or services.
For example, if you get an email saying that your Aruba services have not been renewed, sign in to your account to check the status of your orders, payments or active services.
If there aren't any notifications, status messages or evidence suggesting that the email might have been sent, it is definitely a phishing attempt.
Check Aruba’s announcements page
Phishing attempts can target anyone—including Aruba. Scammers often impersonate us, using our name and branding to deceive customers.
To protect you, we actively track and publish known phishing emails on our announcements page.
Wondering if an email is a phishing attempt? Enter the subject line in our search bar or browse our latest updates to see if it's already been reported.
Check an email
Report a suspicious email
Received an email that looks like it's from Aruba but seems suspicious? If it's not in our archive, report it to us.
By reporting, you help us keep our list up to date, protecting yourself and other customers from phishing attempts.
Report an email
Think you’ve fallen for a phishing scam? Here’s what to do
Stay calm and follow these steps to minimise the impact:
- Change your password immediately: If an online portal has been accessed without your authorization, update your password right away. Follow these best practices:
- Use unique passwords for each website or service. Avoid reusing passwords, especially for sensitive accounts like email or online banking.
- Opt for passphrases – Create short alphanumeric phrases that are easy to remember but hard to guess. Example: PaSSW0rd$icur4! rather than MarioRossi1965.
- Update passwords regularly and, if needed, use a password manager to securely generate and store them.
- Inform the relevant authorities, for example, the police.
- Run an antivirus and antimalware scan immediately if you've opened a suspicious attachment and your device has been infected with malware from a phishing email. Make sure you're using up-to-date security software from a reliable source.
- Notify the company or organization the phisher is impersonating. This helps them take action against the scam and prevent others from falling victim.
- Contact your bank right away if your financial details have been compromised. It’s best to block or freeze affected services, such as credit cards, checking accounts, or debit cards.
Phishing at a glance:
spot the signs, stay informed, report scams, and protect yourself
Aruba's commitment to protecting your security
Protecting your data is our top priority.
We work around the clock to ensure security through cutting-edge facilities, ongoing technical improvements, and awareness campaigns that help customers safeguard their data.
How we protect your security
Report online fraud and abuse
To fight online fraud, we’ve created a dedicated area in our support portal to identify, archive, and track fraud attempts made in our name. Customers can also report phishing emails, abuse, or other violations through a dedicated page, ensuring faster detection and resolution.
Check the announcements