Email security

Unsecured Zendesk systems fuel massive global spam wave

Scam fraud security warning crime internet technology phishing online alert digital risk protection threat background with danger message spam cyber concept hacking attack email sms caution symbol

A massive spam wave is targeting people worldwide, originating from unsecured Zendesk support systems. Victims have reported receiving hundreds of emails with strange and alarming subject lines since January 18th, according to a recent report by Bleeping Computer.

Attackers are abusing Zendesk instances that allow unverified users to submit support tickets. These tickets automatically generate confirmation emails, which are then sent to an attacker-provided email address. By iterating through large lists of email addresses when creating fake support tickets, attackers have effectively turned these legitimate customer service systems into mass-spamming platforms. The Zendesk instances of companies including Discord, Tinder, Riot Games, Dropbox, and NordVPN have been impacted.

The emails feature bizarre subjects, some mimicking law enforcement or corporate takedown notices, while others offer freebies or express distress, often using Unicode fonts for decoration. Because these messages originate from trusted company domains, they bypass standard spam filters, increasing their intrusiveness. Zendesk has introduced new safety features to combat this "relay spam" and advised organizations to restrict ticket creation to verified users.

Source: Bleeping Computer

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds