If your Zendesk account lets anyone submit tickets, abusive actors can use your support channels to send emails that try to convince your agents to act immediately.
These emails can impersonate real organizations like Zendesk and use urgent language to lure agents into clicking links and sharing sensitive data.
The workflow includes:
- Check the real sender of these tickets
- Check the language used in the ticket
- Immediately mark the ticket as spam, which will also suspend the requester
Check the real sender of these tickets
After a ticket is created in your account, open the user's profile tab in the ticket to view the sender's details.
Check the language used in the ticket
Templates used by these abusive actors often include typos and usually contain an urgent call to action that differs from previous emails received from that organization.
Common email subjects include:
- Account Suspension Notice
- Verify your account to prevent suspension
- Your account will be suspended
- Update your billing details
Common patterns in the email body include:
- Excess-use alerts, for example for data storage and API calls
- Threats of access loss unless you complete specific steps
- Immediate calls to action to restore access
- Buttons or links that lead to fake sign-in pages
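The sender and language checks above can be run as a pre-triage filter before an agent opens a ticket. The following Python is an added example, not Zendesk code: the ticket field names, the regular expressions and the sample ticket are assumptions made for illustration, and a match is a prompt to review the ticket rather than a verdict.

```python
import re
from urllib.parse import urlparse

# Subjects listed in the article, lower-cased for matching.
KNOWN_SUBJECTS = ("account suspension notice", "verify your account to prevent suspension",
                  "your account will be suspended", "update your billing details")
# The article's body patterns as regexes (the wording of each regex is an assumption).
BODY_PATTERNS = {
    "excess-use alert": re.compile(r"\b(exceeded|over)\b.{0,40}\b(storage|api calls?|limit|quota)\b", re.I | re.S),
    "threat of access loss": re.compile(r"\b(lose|loss of|suspend\w*|disabl\w*)\b.{0,40}\b(access|account)\b", re.I | re.S),
    "immediate call to action": re.compile(r"\b(immediately|within \d+ hours?|right away|urgent\w*)\b", re.I),
}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

# Constructed sample ticket (hypothetical field names; example.net is a reserved test domain).
SAMPLE = {
    "sender_name": "Zendesk Billing",
    "sender_email": "billing@zendesk.com.example.net",
    "subject": "Account Suspension Notice",
    "body": "You have exceeded your API calls limit. You will lose access unless you "
            "sign in immediately: https://zendesk.com.example.net/login",
}

def domain_of(address_or_url):
    """Return the lower-cased host of a URL or the domain part of an email address."""
    if "://" in address_or_url:
        return (urlparse(address_or_url).hostname or "").lower()
    return address_or_url.rsplit("@", 1)[-1].strip("> ").lower()

def belongs_to(host, org_domain):
    """True only for the organization's own domain or a real subdomain of it."""
    return host == org_domain or host.endswith("." + org_domain)

def triage(ticket, org_name="Zendesk", org_domain="zendesk.com"):
    """Return the reasons a ticket matches the checklist; an empty list means no match."""
    reasons = []
    text = f"{ticket['sender_name']} {ticket['subject']} {ticket['body']}"
    claims_org = org_name.lower() in text.lower()
    if claims_org and not belongs_to(domain_of(ticket["sender_email"]), org_domain):
        reasons.append("sender domain does not match the claimed organization")
    if any(s in ticket["subject"].lower() for s in KNOWN_SUBJECTS):
        reasons.append("subject matches a listed phishing subject")
    reasons += [name for name, rx in BODY_PATTERNS.items() if rx.search(ticket["body"])]
    links = URL_RE.findall(ticket["body"])
    if claims_org and any(not belongs_to(domain_of(u), org_domain) for u in links):
        reasons.append("link leaves the claimed organization's domain")
    return reasons
```

The domain comparison requires an exact match or a dot-separated suffix, so a sender whose domain merely contains the organization's name as a prefix is still flagged.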
Immediately mark the ticket as spam, which will also suspend the requester
To mark a ticket as spam:
- Open the ticket you want to mark as spam
- Click the Ticket options menu in the upper right, then select Mark as spam
- Click Immediately mark as spam and the ticket will be deleted
If you are not sure the sender is legitimate, contact abuse@zendesk.com and attach the .eml file of the email you received.
About email fraud
If you let anyone submit tickets through all Zendesk channels, your account can receive unwanted or abusive tickets.
Abusive actors may use your support email to impersonate Zendesk or other organizations, as users don’t need prior verification to submit tickets. For a more secure option, see the article: Permitting only added users to submit tickets.