- Zendesk spam campaign persists despite new safety features
- Attackers abuse support ticket confirmations to flood inboxes with strange, non-malicious emails
- Suspected DoS attack overwhelms Zendesk systems; company admits further protections are needed
It appears Zendesk’s newly introduced safety features to address spam aren’t working, because the bizarre spam campaign has continued to this day.
BleepingComputer reported users are once again being bombarded by dozens, hundreds even – of automated emails being sent through various companies’ unsecured Zendesk support systems.
All of the emails are just strange – strange subject lines, strange content. They are not carrying malware, or links to phishing pages. Some people think this is actually a Denial of Service (DoS) attack against Zendesk which makes sense – if the company’s servers are overloaded sending out bogus emails, they can’t send out legitimate ones.
Taking steps to address the problem
“Someone is DDoSing Zendesk support ticketing systems and other account creation processes across the internet with my email right now. Anyone know what the attacker is hoping to achieve here?”, a user posted.
Zendesk is a customer service and support software platform that helps companies manage customer communication. Among its features is the ability to allow unverified users to submit support tickets which, when that happens, automatically generates a confirmation email and sends it to the email that the user entered.
The attacks were first spotted in late January 2026, when hackers went through huge lists of email addresses and created countless fake support tickets, turning Zendesk features into a mass-spam tool. Since the emails originate from a legitimate Zendesk system, they pass most spam filters, and land directly in people’s inboxes.
At the time, the company told the media that it tackled the problem by introducing new safety features.
“We’ve introduced new safety features to address relay spam, including enhanced monitoring and limits designed to detect unusual activity and stop it more quickly,” the company said. “We want to assure everyone that we are actively taking steps – and continuously improving – to protect our platform and users.”
It would appear that Zendesk needs to take even more steps.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/dF4gmkNpyFwdbj6CamskJS-970-80.jpg
Source link
