Hackers are exploiting Zendesk's platform to run sophisticated brand impersonation scams, tricking victims into sharing personal or financial information.
Cybercriminals have been spotted using Zendesk’s customer support platform to run fraudulent “pig butchering” scams. In this scheme, victims are tricked into investing money or sharing personal information over a longer period. Researchers from CloudSEK discovered that hackers create fake subdomains within Zendesk to pose as legitimate businesses and then send phishing emails to unsuspecting users.
Hackers use free trial accounts to build subdomains that appear credible. These subdomains send emails that often get around spam filters since they appear to come from a recognized service. The messages direct recipients to phishing sites disguised as customer support or investment platforms. Victims believe they are dealing with a trustworthy entity and share financial or personal details, which attackers use to steal funds or commit other forms of fraud.
CloudSEK notes that Zendesk’s system for email validation when adding subdomains is not rigorous enough. Malicious actors can quickly set up fake support portals, craft official-sounding messages, and fool recipients with seemingly legitimate branding.
The researchers explained that Zendesk’s lack of thorough user vetting allows scammers to impersonate well-known organizations. Emails from these subdomains look genuine, leading many people to trust the communication and click on embedded links or images.
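As an added example (not code from CloudSEK or Zendesk), the following sketch shows how a mail-security team might flag Zendesk subdomains in a message that imitate a brand it protects. The brand names, the allowlist, the digit-swap table and the 0.8 similarity threshold are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumptions for this example: brand names and the allowlist are constructed.
BRANDS = {"examplebank", "acmepay"}
KNOWN_GOOD = {"examplebank.zendesk.com"}    # portals the brands really operate
HOMOGLYPHS = str.maketrans("0135", "oles")  # common digit-for-letter swaps

# Any host under zendesk.com, whether in a link or a sender address.
HOST_RE = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+zendesk\.com)(?!\.?[\w-])", re.I)

def normalize(label):
    """Undo digit swaps, then drop digits and hyphens: 'examp1e-bank2' -> 'examplebank'."""
    return re.sub(r"[^a-z]", "", label.lower().translate(HOMOGLYPHS))

def closest_brand(label, threshold=0.8):
    """Return (brand, score) for the best brand match at or above threshold, else None."""
    norm, best = normalize(label), None
    for brand in sorted(BRANDS):
        score = 1.0 if brand in norm else SequenceMatcher(None, norm, brand).ratio()
        if score >= threshold and (best is None or score > best[1]):
            best = (brand, round(score, 2))
    return best

def flag_lookalikes(message_text):
    """List zendesk.com subdomains in a message that imitate a protected brand."""
    findings, seen = [], set()
    for match in HOST_RE.finditer(message_text):
        host = match.group(1).lower()
        if host in seen or host in KNOWN_GOOD:
            continue
        seen.add(host)
        label = host[: -len(".zendesk.com")].split(".")[-1]
        hit = closest_brand(label)
        if hit:
            findings.append({"host": host, "brand": hit[0], "score": hit[1]})
    return findings

# Constructed sample message (not taken from the CloudSEK report).
SAMPLE = """From: Support <support@examp1ebank-help.zendesk.com>
Your ticket: https://examplebank.zendesk.com/hc/requests/1
Confirm your investment: https://exampelbank.zendesk.com/hc/en-us
Invoice: https://acme-pay.zendesk.com/login
Newsletter: https://gardening.zendesk.com/
"""

if __name__ == "__main__":
    for finding in flag_lookalikes(SAMPLE):
        print(finding)
```

The allowlisted portal and the unrelated subdomain pass through; the three imitations are reported with the brand they resemble.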
Under CloudSEK's responsible disclosure policy, Zendesk has been informed of the vulnerability. The company has been contacted for comment but has not yet shared its response.
Scammers are exploiting trusted platforms like Zendesk to make their attacks more convincing, putting both consumers and businesses at risk. These schemes expose gaps in online security and trust, showing how easily criminals can misuse familiar tools. To tackle this growing problem, companies need to improve how they screen accounts, and users need to be cautious with unexpected messages, even from trusted platforms.
A subdomain is a subset of a main website domain, used to create a distinct web address (e.g., support.example.com under the domain example.com). Scammers use fake subdomains to make phishing sites appear legitimate.
Spam filters are tools that block suspicious or unsolicited emails or divert them away from your inbox to protect you from scams or irrelevant content. However, scammers can bypass these filters by using trusted platforms like Zendesk.
Pig butchering is a scam where victims are groomed over time to build trust before being tricked into sharing money or sensitive information, often through investment or romance fraud.
Platforms like Zendesk are trusted by users, and emails sent from them often bypass spam filters, making it easier for hackers to appear credible and reach victims.
Look for unusual links, unexpected requests for personal information, grammatical errors, or mismatched branding. Verify the sender by contacting the legitimate company directly through official channels.