A new wave of spam is flooding inboxes globally, with users reporting a resurgence of automated emails generated through companies' unsecured Zendesk support systems. Recipients are receiving hundreds of messages with unusual subject lines, appearing to originate from various businesses, as reported by Bleeping Computer.The spam campaign involves attackers exploiting Zendesk ticket submission forms to send emails to vast lists of addresses. This method allows the malicious emails to bypass spam filters by appearing as legitimate automated replies from customer support portals. Users are receiving these messages in rapid succession, often with subjects like "Activate your account," even if they have never interacted with the companies. This mirrors a similar incident in January where threat actors used exposed Zendesk portals as spam relays. Companies like Dropbox and 2K were affected previously, advising users to ignore the messages.The renewed activity indicates that attackers may still be able to exploit vulnerable Zendesk configurations despite security measures implemented by Zendesk. This highlights the ongoing challenge of securing third-party platforms and the need for businesses to regularly review and restrict access to their support systems. Companies are advised to limit ticket creation to verified users and remove placeholders that allow arbitrary email addresses and subjects to prevent such abuse.Source: Bleeping Computer
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




