UPDATE: We have received reports of phishing attempts impersonating Zendesk communications and asking for API tokens. Zendesk will not send proactive requests to create or share API tokens. Please do not share API tokens over email.
We would like to bring to your attention a recent increase in malicious emails targeting Zendesk accounts. These emails are designed to phish for login information and may impersonate official Zendesk communications through similar language and imagery. Zendesk will never request your credentials via email, and Zendesk does not send tickets to your Zendesk account as a means of communication.
To help you recognize and avoid phishing attempts, you can review the following resources:
Consider also removing ticket comment placeholders from email notifications that fire at ticket creation. These can be used by spammers to distribute messages. For more information about placeholders, see this section in Securing sensitive information. For more information about triggers, you can review this article: About Zendesk triggers and how they work.
We urge you to exercise caution if you receive any messages requesting password resets or the sharing of credentials. If you encounter any issues accessing your account or require further assistance, contact Zendesk Customer Support.
Thank you for your attention to this important matter.