Individuals worldwide are being focused by a large spam wave originating from unsecured Zendesk assist programs, with victims reporting receiving a whole lot of emails with unusual and typically alarming topic strains.
The wave of spam messages began on January 18th, with individuals reporting on social media that they acquired a whole lot of emails.
Whereas the messages don’t seem to include malicious hyperlinks or apparent phishing makes an attempt, the sheer quantity and chaotic nature of the emails have made them extremely complicated and probably alarming for recipients.
The emails are being generated by assist platforms run by firms that use Zendesk for customer support.
Attackers are abusing Zendesk’s means to permit unverified customers to submit assist tickets, which then routinely generate affirmation emails despatched to the e-mail tackle the attacker entered.
As a result of Zendesk sends automated replies confirming {that a} ticket was acquired, the attackers are in a position to flip these programs right into a mass-spamming platform by interating by way of massive lists of e-mail addresses when creating pretend assist tickets.
Corporations whose Zendesk cases have been seen impacted embrace: Discord, Tinder, Riot Video games, Dropbox, CD Projekt (2k.com), Maya Cellular, NordVPN, Tennessee Division of Labor, Tennessee Division of Income, Lightspeed, CTL, Kahoot, Headspace, and Lime.
Supply: BleepingComputer
The emails have weird topics, with some pretending to be law-enforcement requests or company takedowns, whereas others supply free Discord Nitro or say “Assist Me!” Many are additionally written in Unicode fonts to daring or adorn the fonts in a number of languages.
Examples embrace:
- FREE DISCORD NITRO!!
- TAKE DOWN ORDER NOW FROM CD Projekt
- LEGAL NOTICE FROM ISRAEL FOR koei Tecmo
- TAKE DOWN NOW ORDER FROM Israel FOR Sq. Enix
- DONATION FOR State Of Tennessee CONFIRMED
- LEGAL NOTICE FROM State Of Louisiana FOR Digital
- 鶊坝鱎煅貃姄捪娂隌籝鎅熆媶鶯暘咭珩愷譌argentine恖
- Re: TAKE DOWN NOW ORDER FROM CHINA FOR Konami Digital Entertainme
- IMPORTANT LAW ENFORCEMENT NOTIFICATION FROM DISCORD FROM Peru
- Thanks on your buy!
- Assist Me!
- Empty titles
As a result of the emails come from authentic firms’ Zendesk assist programs, they’re bypassing spam filters, making them extra intrusive and alarming than odd spam mail. Nonetheless, because the emails do not include phishing hyperlinks, they seem like designed to troll recipients somewhat than to interact in malicious habits.
A number of firms have confirmed they have been affected by the spam wave, together with DropBox and 2K, who responded to tickets to inform recipients not be involved and to disregard the emails.
“You might have not too long ago acquired an automatic response or notification relating to a assist ticket that you simply didn’t submit. We need to make clear why this may need occurred and guarantee you there is no such thing as a trigger for concern,” wrote 2K.
“To take away obstacles and improve your expertise, our system permits anybody to submit a assist ticket, present suggestions, and report bugs with out having to join a devoted assist account and confirm their e-mail tackle. This open coverage signifies that anybody can probably submit a ticket utilizing any e-mail tackle.”
“Please relaxation assured that we don’t act on any account or course of delicate requests with out authenticated, direct instruction from the account holder.”
Zendesk advised BleepingComputer which have launched new security options on their finish to detect and cease this kind of spam sooner or later.
“We have launched new security options to handle relay spam, together with enhanced monitoring and limits designed to detect uncommon exercise and cease it extra rapidly,”
“We need to guarantee everybody that we’re actively taking steps – and repeatedly bettering – to guard our platform and customers.”
Zendesk beforehand warned prospects about this sort of abuse in a December advisory, explaining that attackers have been utilizing Zendesk to ship mass spam emails by way of what it referred to as “relay spam.”
The corporate says that organizations can forestall this kind of abuse by limiting ticket creation to solely verified customers and eradicating placeholders that permit any e-mail addresses or ticket topic for use.
It is funds season! Over 300 CISOs and safety leaders have shared how they’re planning, spending, and prioritizing for the yr forward. This report compiles their insights, permitting readers to benchmark methods, determine rising traits, and evaluate their priorities as they head into 2026.
Learn the way prime leaders are turning funding into measurable impression.
