A newly documented phishing campaign is targeting professionals with fake LinkedIn business emails and using Adobe Target, a legitimate A/B testing service, to help conceal credential theft and track victims, according to a technical analysis from Malwarebytes.
KEY FACTS
- Lure Email appears to be a business inquiry tied to LinkedIn and includes a signed contract.
- Payload The attachment is an HTML file disguised as a PDF with double extensions.
- Stealth The fake login page pre-fills the target’s email address.
- Routing Browser traffic is sent through Adobe Target at an omtrdc.net domain before reaching attacker infrastructure.
The message is short and professional, and the sender name and company exist. If a target opens the attachment, they see a LinkedIn-style login page with their email already filled in. After entering a password, they are redirected to the real LinkedIn site while the credentials are sent to a server controlled by the attackers.
The report says the campaign uses several layers of deception. The attachment is heavily obfuscated, and the use of Adobe infrastructure makes the network traffic look like it is going to a trusted service rather than a suspicious destination. That setup may also help the attackers track who clicked through and who submitted credentials.
Careful users may spot warning signs, including the mismatch between the sender identity and the company shown in the email. The disclosure says the attacks are cheap and scalable, and likely to keep circulating.
WHY IT MATTERS
The campaign shows how attackers can combine a familiar business lure with trusted services to reduce suspicion and collect credentials. It also reinforces the value of multi-factor authentication and signing in through official apps, direct website entry, or saved bookmarks.