A massive spam wave is targeting people worldwide, originating from unsecured Zendesk support systems. Victims have reported receiving hundreds of emails with strange and alarming subject lines since January 18th, according to a recent report by Bleeping Computer.Attackers are abusing Zendesk instances that allow unverified users to submit support tickets. These tickets automatically generate confirmation emails, which are then sent to an attacker-provided email address. By iterating through large lists of email addresses when creating fake support tickets, attackers have effectively turned these legitimate customer service systems into mass-spamming platforms. The Zendesk instances of companies including Discord, Tinder, Riot Games, Dropbox, and NordVPN have been impacted.The emails feature bizarre subjects, some mimicking law enforcement or corporate takedown notices, while others offer freebies or express distress, often using Unicode fonts for decoration. Because these messages originate from trusted company domains, they bypass standard spam filters, increasing their intrusiveness. Zendesk has introduced new safety features to combat this "relay spam" and advised organizations to restrict ticket creation to verified users.Source: Bleeping Computer
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




