What is happening?

Bad actors are sending spam emails via Zendesk. These emails look like legitimate contacts from companies that use Zendesk to communicate with their customers. This spam tactic is known as relay spam.

Key points

  • Your personal information was not accessed or exposed through Zendesk
  • Customers can prevent relay spam by updating their Zendesk settings
  • Zendesk is actively working to reduce spam and prevent new spam campaigns

I’m not a Zendesk customer or regular user, but I received a suspicious email via Zendesk. What do I need to know?

  • A bad actor may have used your email address to create a fake support request (ticket) with a company that uses Zendesk for customer service or support. 
  • Zendesk automatically sends an email confirming receipt of new tickets. In this case, those emails might contain unusual or spam-like content. 
  • This confirmation email is the “attack vector” the bad actor uses to reach you. However, the bad actor does not have access to the ticket that was created.
  • Your personal information was not accessed or exposed through Zendesk; the bad actor inserted your email address as the ticket requestor to attempt spam.
  • We recommend ignoring or deleting any suspicious email. As always, it’s best to avoid clicking any links within or responding to suspicious emails.

I am a Zendesk customer or regular user. What do I need to know?

  • This is not a Zendesk vulnerability, but a potential side effect when Zendesk is set to allow unverified users to submit requests. This configuration is not new; many Zendesk customers use it to streamline support workflows. 
  • To prevent your account from being used for relay spam, we recommend the following actions:
    • Remove specific placeholders from first-reply triggers
    • Permit only added users to submit tickets
  • Zendesk is committed to safeguarding your data and your reputation. We have been actively working to reduce spam and prevent new spam campaigns.

If you believe your account has been used to send spam or notice any unusual activity, please contact Zendesk Customer Support immediately:

  • Call us at 1-888-851-9456, from 8am-6pm Eastern Time, Monday through Friday
  • If you are a customer, log in to this website and either:
    • Use the widget to connect with us
    • Open a new ticket by clicking your Profile image > Submit a request
  • Customers can also connect with us in-product by clicking your Profile image > Get help, which opens the widget

     

Original announcement: 

We would like to bring to your attention a recent increase in spam emails that appear to originate from Zendesk accounts.

The emails being received are ticket creation notifications from accounts that use Zendesk to allow anyone to submit support requests, including anonymous end-users. These types of support tickets can be part of a customer’s workflow, where prior verification is not required for end-users to engage and make use of the Support capabilities.

Requests that can be submitted anonymously can also use an email address of the submitter’s choice. This means spam requests can be created on behalf of third-party email addresses. If an account has enabled the auto-responder trigger based on ticket creation, the ticket notification email is then sent from our customer’s account to these third parties. The notification may also include the Subject added by the creator(s) of these tickets.

We have preventive measures in place to help reduce the likelihood of end-users receiving spam emails from their account. We highly encourage Zendesk customers to consider restricting access by performing the following actions:

  • Remove specific placeholders from first-reply triggers
  • Permit only added users to submit tickets
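
The first recommendation can be checked offline against a list of trigger definitions. The following is an added example, not Zendesk's own code: it flags active triggers that can fire on ticket creation and email the requester with placeholders that echo submitter-supplied text. The dictionary shape (conditions, notification_user actions), the recipient values and the placeholder set are assumptions modelled on Zendesk trigger definitions, and the sample triggers are constructed.

```python
import re

# Assumption: placeholders that echo submitter-supplied text. The page does not
# name the "specific placeholders"; adjust this set to your own policy.
RISKY = {"ticket.title", "ticket.description", "ticket.latest_comment",
         "ticket.comments_formatted", "ticket.requester.name"}
# Assumption: recipient values that address the (unverified) requester.
REQUESTER_RECIPIENTS = {"requester_id", "requester_and_ccs"}
PLACEHOLDER_RE = re.compile(r"\{\{\s*([\w.]+)\s*\}\}")

def can_fire_on_creation(trigger):
    """Conservative: True unless an 'all' condition limits it to updates."""
    conds = trigger.get("conditions", {}).get("all", [])
    return not any(c.get("field") == "update_type" and c.get("value") == "Change"
                   for c in conds)

def audit_triggers(triggers):
    """Return (id, title, risky placeholders) per creation-time requester email."""
    findings = []
    for t in triggers:
        if not t.get("active", True) or not can_fire_on_creation(t):
            continue
        for action in t.get("actions", []):
            value = action.get("value")
            if (action.get("field") != "notification_user" or not isinstance(value, list)
                    or not value or value[0] not in REQUESTER_RECIPIENTS):
                continue
            used = {p for text in value[1:] for p in PLACEHOLDER_RE.findall(str(text))}
            risky = sorted(used & RISKY)
            if risky:
                findings.append((t["id"], t["title"], risky))
    return findings

def _trigger(tid, title, update_type, recipient, subject, body):
    return {"id": tid, "title": title, "active": True,
            "conditions": {"all": [{"field": "update_type", "value": update_type}], "any": []},
            "actions": [{"field": "notification_user", "value": [recipient, subject, body]}]}

# Constructed sample data, not taken from any real account.
SAMPLE_TRIGGERS = [
    _trigger(101, "Notify requester of received request", "Create", "requester_id",
             "[Request received] {{ticket.title}}", "Received:\n{{ticket.comments_formatted}}"),
    _trigger(102, "Hardened first reply", "Create", "requester_id",
             "[Request received]", "Your request ({{ticket.id}}) has been received."),
    _trigger(103, "Notify assignee of new ticket", "Create", "assignee_id",
             "New: {{ticket.title}}", "{{ticket.description}}"),
    _trigger(104, "Notify requester of comment update", "Change", "requester_id",
             "Update", "{{ticket.latest_comment}}"),
]
```

Only trigger 101 is reported: it is the one that sends submitter-controlled subject and comment text to an address the submitter chose.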

In addition, we want to remind everyone to stay aware and security-minded. To help you recognize and avoid phishing attempts, you can review the following resources:

  • How to spot a phishing attack
  • Resources for preventing and managing spam

We encourage you to stay cautious if you receive any messages requesting password resets or account credentials. If you experience any issues accessing your account or need further assistance, please contact Zendesk Customer Support.

 
