Overview of the Spam Campaign
In early 2024 a fresh wave of spam began hitting inboxes worldwide. Recipients report receiving hundreds of automated messages with strange or alarming subject lines, seemingly generated from legitimate Zendesk support portals.
How the Abuse Works
Attackers target publicly exposed Zendesk ticket submission forms that allow unverified users to create tickets. When a ticket is submitted, Zendesk automatically sends a confirmation email to the address entered. By feeding large lists of email addresses into these forms, threat actors turn the support system into a massive spam relay.
Impact on Users and Companies
The rapid succession of emails can overwhelm users, erode trust in legitimate support communications, and increase the risk that phishing messages or malware attachments reach recipients. Companies with exposed Zendesk portals may inadvertently become part of a global spam network, damaging their reputation.
Zendesk's Response and Mitigations
Zendesk has announced new safety features designed to detect and block automated ticket submissions. The company states it is continuously improving its platform to protect users. However, the renewed activity suggests that attackers may still find ways to bypass these safeguards.
Recommendations for Organizations
To mitigate the risk, organizations should implement the following measures:
- Restrict ticket creation to authenticated users or require CAPTCHA verification.
- Monitor outgoing email volume from Zendesk for abnormal spikes.
- Enable Zendesk's anti-spam and rate-limiting settings.
- Regularly audit public-facing support URLs for unintended exposure.
- Educate employees and customers to recognize suspicious confirmation emails.
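
The monitoring recommendation above can be made concrete by watching for the signature of this abuse: many tickets from the public form, each for a different requester address, in a short window. The following is an added example, not code from Zendesk or from the original article; the event layout (timestamp, requester email, channel), the "web_form" channel label and the thresholds are assumptions, and the sample data is constructed.

```python
from collections import deque
from datetime import datetime, timedelta

def find_bursts(events, window=timedelta(minutes=5), max_distinct=20):
    """Return (start, end, peak_distinct) per burst; events are time-sorted
    (timestamp, requester_email, channel) tuples (assumed field layout)."""
    recent, counts = deque(), {}   # tickets in the trailing window; email -> count
    bursts, current = [], None
    for ts, email, channel in events:
        if channel != "web_form":  # the abuse path is the public submission form
            continue
        email = email.strip().lower()
        recent.append((ts, email))
        counts[email] = counts.get(email, 0) + 1
        while ts - recent[0][0] > window:      # expire tickets older than the window
            _, old = recent.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        if len(counts) > max_distinct:         # too many different recipients at once
            if current is None:
                current = [recent[0][0], ts, len(counts)]
            else:
                current[1], current[2] = ts, max(current[2], len(counts))
        elif current is not None:              # burst ended, record it
            bursts.append(tuple(current))
            current = None
    if current is not None:
        bursts.append(tuple(current))
    return bursts

def sample_events():
    """Constructed data: quiet traffic, then 60 distinct addresses in two minutes."""
    t0 = datetime(2024, 1, 15, 9, 0)
    quiet = [(t0 + timedelta(minutes=6 * i), f"customer{i % 3}@example.com", "web_form")
             for i in range(10)]
    start = t0 + timedelta(minutes=90)
    burst = [(start + timedelta(seconds=2 * i), f"recipient{i}@example.net", "web_form")
             for i in range(60)]
    after = [(start + timedelta(minutes=20), "customer1@example.com", "web_form")]
    return quiet + burst + after

if __name__ == "__main__":
    for begin, end, peak in find_bursts(sample_events()):
        print(f"burst {begin} to {end}: {peak} distinct requester addresses")
```

Counting distinct requester addresses rather than raw ticket volume keeps a single customer who files many tickets from triggering the alert; tune the window and threshold against the portal's normal traffic.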