Sign Here, Get Phished: Inside an Adobe Sign Lure With a Multi-Hop Redirect to Credential Theft

A high-risk phishing campaign impersonating Adobe Sign used mixed Adobe/AdobeSign CTAs and multi-hop proxied redirects to land victims on a credential-harvesting page at the privacy-masked domain fameklinik.com (registered 2022); IRONSCALES' Adaptive AI detected and quarantined the message before credentials were captured, and the report lists the harvesting domain, WHOIS privacy, branding inconsistencies, external first-time sender, and MITRE techniques T1566.001, T1036.005, and T1204.001 as key indicators.