BACK TO NEWS
Breaking News

Zendesk Spam Resurgence: Unsecured Support Systems Flood Inboxes with Fake Activation Emails

2 min readSource: BleepingComputer

Global spam campaign exploits misconfigured Zendesk instances, sending hundreds of 'Activate account' emails to users. Learn how attackers abuse support platforms and how to secure them.

Zendesk Spam Campaign Returns, Overwhelming Users with Automated Emails

A new wave of spam is targeting inboxes worldwide, as threat actors exploit unsecured Zendesk support systems to flood users with automated emails. Recipients report receiving hundreds of messages with subject lines such as "Activate account...", often containing alarming or misleading content.

Technical Details of the Attack

The campaign leverages misconfigured Zendesk instances, which allow unauthenticated users to submit support tickets that trigger automated email notifications. Attackers abuse this functionality by:

  • Submitting bulk ticket requests via exposed Zendesk forms
  • Crafting subject lines designed to mimic legitimate account activation emails
  • Exploiting weak or absent rate-limiting controls on Zendesk deployments

Security researcher Ax Sharma first reported the resurgence of this tactic, noting that affected users—even those without prior Zendesk interactions—are being inundated with spam. The emails originate from legitimate Zendesk domains (e.g., @zendesk.com), making them harder to block without disrupting genuine support communications.

Impact and Risks

  • User Fatigue and Phishing Risks: The sheer volume of emails increases the likelihood of recipients engaging with malicious links or attachments in subsequent phishing attempts.
  • Reputation Damage: Organizations with exposed Zendesk instances risk brand erosion as users associate their domains with spam.
  • Operational Disruption: IT teams may face increased support tickets from confused users, diverting resources from critical tasks.

Mitigation and Recommendations

Security teams and Zendesk administrators should:

  1. Audit Zendesk Configurations: Ensure support forms require authentication or CAPTCHA challenges to prevent automated submissions.
  2. Implement Rate Limiting: Restrict the number of ticket submissions per IP address to mitigate bulk abuse.
  3. Monitor for Anomalies: Use Zendesk’s built-in analytics to detect unusual spikes in ticket volumes.
  4. Educate Users: Warn employees and customers about the spam wave and advise caution with unexpected "activation" emails.
  5. Review Email Filtering Rules: Temporarily adjust spam filters to quarantine emails with suspicious subject lines (e.g., "Activate account") from Zendesk domains.

Zendesk has not yet released an official statement addressing this specific campaign, but the company’s security best practices recommend enabling authentication and rate-limiting for public forms.

Original reporting by Ax Sharma for BleepingComputer.

Share

TwitterLinkedIn