Hackers are exploiting Zendesk's platform to run sophisticated brand impersonation scams, tricking victims into sharing personal or financial information.
What happened
Cybercriminals have been spotted using Zendesk’s customer support platform to run fraudulent “pig butchering” scams. In this scheme, victims are tricked into investing money or sharing personal information over a longer period. Researchers from CloudSEK discovered that hackers create fake subdomains within Zendesk to pose as legitimate businesses and then send phishing emails to unsuspecting users.
Going deeper
Hackers use free trial accounts to build subdomains that appear credible. These subdomains send emails that often get around spam filters since they appear to come from a recognized service. The messages direct recipients to phishing sites disguised as customer support or investment platforms. Victims believe they are dealing with a trustworthy entity and share financial or personal details, which attackers use to steal funds or commit other forms of fraud.
CloudSEK notes that Zendesk’s system for email validation when adding subdomains is not rigorous enough. Malicious actors can quickly set up fake support portals, craft official-sounding messages, and fool recipients with seemingly legitimate branding.
What was said
The researchers explained that Zendesk’s lack of thorough user vetting allows scammers to impersonate well-known organizations. Emails from these subdomains look genuine, leading many people to trust the communication and click on embedded links or images.
Under CloudSEK's responsible disclosure policy, Zendesk has been informed of the vulnerability. However, the company has not yet shared its response, though it has been contacted for comment.
The big picture
Scammers are exploiting trusted platforms like Zendesk to make their attacks more convincing, putting both consumers and businesses at risk. These schemes expose gaps in online security and trust, showing how easily criminals can misuse familiar tools. To tackle this growing problem, companies need to improve how they screen accounts, and users need to be cautious with unexpected messages, even from trusted platforms.
FAQs
What is a subdomain?
A subdomain is a subset of a main website domain, used to create a distinct web address (e.g., support.example.com under the domain example.com). Scammers use fake subdomains to make phishing sites appear legitimate.
What are spam filters?
Spam filters are tools that block or redirect suspicious or unsolicited emails from your inbox to protect you from scams or irrelevant content. However, scammers can bypass these filters by using trusted platforms like Zendesk.
What is pig butchering in scams?
Pig butchering is a scam where victims are groomed over time to build trust before being tricked into sharing money or sensitive information, often through investment or romance fraud.
Why do hackers use platforms like Zendesk?
Platforms like Zendesk are trusted by users, and emails sent from them often bypass spam filters, making it easier for hackers to appear credible and reach victims.
How can I identify phishing emails from subdomains?
Look for unusual links, unexpected requests for personal information, grammatical errors, or mismatched branding. Verify the sender by contacting the legitimate company directly through official channels.
Farah Amod
