Recent searches
No recent searches
Phishing Warning for other Admins
Posted Mar 22, 2023
We have seen a sharp increase in Phishing tickets into our Zendesk over the last few weeks.
The latest scenario is where they set the reply to address using a legitimate system user.
The from address will be a hijacked domain.
Example:
From: contact@somebuiness.com
Reply to: zendeskadmin@yourbuiness.com
Subject: Please change your Password
Body: Text and link to capture your password
Zendesk will create the ticket and set the requester as zendeskadmin@yourbuiness.com which could be a real agent/admin in the system.
The only warning the ticket will show is at the very bottom of the chain, which is tiny, not in colour, no bold, no warning images, nothing else in the ticket. If the chain is long this could easily be pushed down out of view of the agent.
We already have Authenticate emails received with SPF, DKIM, and DMARC alignment enabled.
I was even able to test this using my gmail email address, setting an agents email as the reply to and the ticket came in under the agent.
Zendesk need to take this seriously and look at improving the warnings or have options for admins to suspend where the from and reply to are different for review.
4
1 comment
Denise Sehlmeyer
We had the same thing happen to us. And due to it being only a 'tiny warning' at the bottom and not going into suspended tickets, it came in to our agent workspace where agents saw it. Luckily our agents are well trained and notified us & security that this happened. Would love to see the resolution requested above
0