TLDR
Cybercriminals are running a LinkedIn phishing campaign that uses fake business inquiry emails carrying a malicious "contract" attachment. The HTML attachment opens an obfuscated login form that hardcodes the victim's email address and...
Como funciona
Cybercriminals are running a LinkedIn phishing campaign that uses fake business inquiry emails carrying a malicious "contract" attachment. The HTML attachment opens an obfuscated login form that hardcodes the victim's email address and...
Señales de alerta
- : Double file extension on the attachment (e.g. pdf.html ) disguising a phishing page Sender name, email address, and signature do not match
- the named company does not operate in the stated country After submitting credentials you are silently redirected to the legitimate site while data is exfiltrated in the background
Qué hacer
- 1: Never open unsolicited attachments
- 2access LinkedIn only through the official app or by typing the URL directly into your browser Verify file extensions in your file explorer and enable multi factor authentication on LinkedIn and email accounts Use a real time anti malware solution with web protection and report suspicious "business inquiry" emails to your IT team or p
Fuente
malwarebytes
Fuente verificada por Mythos Forensic Team
https://www.malwarebytes.com/blog/threat-intel/2026/05/fake-linkedin-emails-abuse-adobe-to-track-victimsFAQ
Es Fake LinkedIn phishing emails abuse Adobe infrastructure to steal passwords una estafa real?
Si. Trata el mensaje, la llamada o la solicitud de pago como sospechosos hasta que los verifiques por un canal oficial.
Cuales son las primeras senales?
: Double file extension on the attachment (e.g. pdf.html ) disguising a phishing page Sender name, email address, and signature do not match; the named company does not operate in the stated country After submitting credentials you are silently redirected to the legitimate site while data is exfiltrated in the background
Que debo hacer primero?
: Never open unsolicited attachments; access LinkedIn only through the official app or by typing the URL directly into your browser Verify file extensions in your file explorer and enable multi factor authentication on LinkedIn and email accounts Use a real time anti malware solution with web protection and report suspicious "business inquiry" emails to your IT team or p
Puede LegalAudit revisar mi caso?
Si. Abre el chat gratis y pega el mensaje, el enlace, el remitente o los datos de pago para un triage.