Cybercriminals have exploited Zendesk's support platform to launch a massive spam campaign, inundating users with unsolicited emails. This attack has impacted numerous organizations, including major companies such as Discord, Tinder, Riot Games, Dropbox, CD Projekt, NordVPN, and various government departments. (bleepingcomputer.com)
The attackers took advantage of Zendesk's feature that allows unverified users to submit support tickets, which then automatically generate confirmation emails sent to the specified address. By creating numerous fake support tickets, they turned this functionality into a mass-spamming tool. The emails, originating from legitimate Zendesk systems, bypassed most spam filters and landed directly in recipients' inboxes. Some individuals reported receiving hundreds of such emails in a short period. (bleepingcomputer.com)
The content of these spam emails varied, with subject lines like "FREE DISCORD NITRO!!" and "LEGAL NOTICE FROM ISRAEL FOR koei Tecmo." Notably, these messages did not contain malware or phishing links but were designed to flood inboxes with irrelevant content. (bleepingcomputer.com)
In response to this issue, Zendesk has implemented new safety features to address relay spam. These include enhanced monitoring and limits designed to detect unusual activity and stop it more quickly. The company emphasized its commitment to continuously improving the platform's security to protect users. (bleepingcomputer.com)
Users are advised to ignore or delete suspicious emails and avoid clicking on any links or responding to such messages. Zendesk recommends that organizations restrict ticket creation to verified users and remove placeholders that allow any email addresses or ticket subjects to be used. (bleepingcomputer.com)
This incident underscores the importance of configuring support platforms securely to prevent abuse and protect users from spam and other malicious activities.