Cybersecurity researchers have uncovered a phishing campaign in which cybercriminals are using fake LinkedIn business emails and abusing Adobe infrastructure to steal user passwords.

According to reports, the phishing emails are designed to appear as legitimate business inquiries received through LinkedIn. The messages typically include what appears to be a contract attachment intended to trick users into opening a malicious file.

Experts said the emails contain several warning signs, including mismatched sender names, suspicious email addresses and attachments using double file extensions such as “pdf.html”.
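The warning signs listed above can be checked mechanically during mail triage. The following Python is an added example, not code from the researchers' report; the extension lists, function names, the "linkedin.com" domain check and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed lists: extensions a browser will render or run, and document-like decoys.
ACTIVE_EXT = {"html", "htm", "shtml", "svg", "js", "hta"}
DECOY_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}

def double_extension(filename):
    """Return (decoy, real) when a name ends like 'pdf.html', else None."""
    parts = filename.lower().strip().rstrip(".").split(".")
    if len(parts) >= 3 and parts[-1] in ACTIVE_EXT and parts[-2] in DECOY_EXT:
        return parts[-2], parts[-1]
    return None

def sender_mismatch(from_header, brand="linkedin", domain="linkedin.com"):
    """True when the display name claims the brand but the address domain is foreign."""
    name, addr = parseaddr(from_header)
    host = addr.rpartition("@")[2].lower()
    legit = host == domain or host.endswith("." + domain)
    return brand in name.lower() and not legit

def triage(raw):
    """Parse a raw RFC 5322 message and list the warning signs it shows."""
    msg = message_from_string(raw, policy=policy.default)
    findings = ["sender-mismatch"] if sender_mismatch(str(msg["From"])) else []
    for part in msg.walk():  # walk() also reaches inline parts that carry a filename
        name = part.get_filename() or ""
        if double_extension(name):
            findings.append("double-extension:" + name)
    return findings

# Constructed sample message (not taken from the campaign).
SAMPLE = """\
From: "LinkedIn Business" <inquiry@mail.example.net>
Subject: Contract proposal
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached contract.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="Contract.pdf.html"

<html><body>placeholder</body></html>
--b1--
"""
if __name__ == "__main__": print(triage(SAMPLE))
```
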

Fake login page steals passwords

Researchers found that the attachment actually contains heavily obfuscated JavaScript code designed to open a fake LinkedIn login page inside a browser window.

Victims are reportedly shown a login form with their email address already filled in, making the page appear more convincing.

Once users enter their passwords, the stolen credentials are sent to an external server hosted on a Russian domain before victims are redirected to the legitimate LinkedIn website to avoid suspicion.

Adobe infrastructure misused in attack

Network analysis reportedly revealed that the attackers were abusing infrastructure linked to Adobe Target, a marketing and A/B testing platform, as part of the phishing flow.

Researchers clarified that Adobe systems were not directly stealing credentials but were being misused by attackers as redirect points to track victims and make the phishing process appear more legitimate.

Cybersecurity experts warned that such attacks remain dangerous because they are inexpensive, scalable and difficult for ordinary users to detect.

Users have been advised to avoid opening suspicious attachments, carefully check file extensions, enable multi-factor authentication and access websites only through official apps or directly typed URLs.