LinkedIn Phishing Scam Abuses Adobe

A new phishing campaign uses fake LinkedIn emails and abuses Adobe infrastructure to steal user passwords before redirecting to the real site.

Cybercriminals have launched a phishing campaign that uses emails masquerading as business inquiries from LinkedIn. The emails prompt recipients to review a fake contract, which is hosted on Adobe's infrastructure to appear more legitimate. When a user clicks the link, they are taken to a credential-harvesting page designed to steal their login details. The email itself contains several red flags that can help identify it as malicious. These include clear mismatches between the sender's displayed name, the actual "from" email address, and the contact information provided in the email signature. This attack method is designed to exploit the recipient's trust in familiar platforms.

The significance of this attack lies in its use of trusted brands to increase its success rate. By abusing Adobe's infrastructure, the attackers can make their malicious links seem safe, potentially bypassing security filters that block more obvious threats. The campaign's final step—redirecting the victim to the official LinkedIn website after their password has been stolen—is a sophisticated touch. This redirection can prevent the user from immediately realizing their account has been compromised, giving the attackers more time to exploit the stolen credentials. This tactic makes the threat particularly relevant for security teams, IT departments, and any business professional who relies on LinkedIn for networking.

This phishing attack is highly deceptive because it abuses the trusted infrastructure of Adobe to deliver a fake LinkedIn login page, making it more likely to bypass security filters and trick users.

Compromised LinkedIn accounts can lead to data breaches, reputational damage, and further targeted attacks against an employee's organization. The use of trusted brands in the attack increases the risk of employees falling victim.