People worldwide are being targeted by a massive spam wave originating from unsecured Zendesk support systems, with victims reporting receiving hundreds of emails with strange and sometimes alarming subject lines.
The wave of spam messages started on January 18th, with people reporting on social media that they received hundreds of emails.
While the messages do not appear to contain malicious links or obvious phishing attempts, the sheer volume and chaotic nature of the emails have made them highly confusing and potentially alarming for recipients.
The emails are being generated by support platforms run by companies that use Zendesk for customer service.
Attackers are abusing Zendesk's ability to allow unverified users to submit support tickets, which then automatically generate confirmation emails sent to the email address the attacker entered.
Because Zendesk sends automated replies confirming that a ticket was received, the attackers are able to turn these systems into a mass-spamming platform by interating through large lists of email addresses when creating fake support tickets.
Companies whose Zendesk instances were seen impacted include: Discord, Tinder, Riot Games, Dropbox, CD Projekt (2k.com), Maya Mobile, NordVPN, Tennessee Department of Labor, Tennessee Department of Revenue, Lightspeed, CTL, Kahoot, Headspace, and Lime.
Wave of spam coming from unsecured ZenDesk instances
Source: BleepingComputer
The emails have bizarre subjects, with some pretending to be law-enforcement requests or corporate takedowns, while others offer free Discord Nitro or say "Help Me!" Many are also written in Unicode fonts to bold or decorate the fonts in multiple languages.
... continue reading