PCAREY

We also received a malicious email that someone sent to support@company.zendesk.com.  It looked legit because it gets resent to our team via Zendesk, and was now an official ticket.  The links included in the malicious email were also included, while the URLS were not shown unless you hovered over the links.  The URLs were clearly malicious, and were asking to verify emails, most likely taking you to a page to reset your email, allowing the hackers access to your zendesk accounts.  I

It would be great to have a feature to 1) block links from unverified or all emails if the client chooses so  2) show the full link prior to having to hover over the link so users could see that it is clearly malicious  3) block email generated tickets from unverified domains   or 4) some other tool to identify spam or malicious email generated tickets.

This is a big risk to allow anyone to just spam our zendesk with malicious links without any mitigation.