Zendesk anonymous support-request email-bomb campaign
Campaign
Summary
Hide ▲
Show ▼
Cybercriminals are running a Zendesk abuse campaign that floods targeted inboxes with threatening ticket notifications, turning a legitimate support workflow into an email-bombing channel. The messages appear to come from hundreds of Zendesk corporate customers at once, including brands such as Discord, NordVPN, and The Washington Post. The abuse matters because it can sully sender reputations, overwhelm inboxes, and relies on customer setups that accept unverified users.
Related Happenings
Zendesk relay spam wave abusing fake support tickets
Campaign
First: 22.01.2026 01:46
Last: 22.01.2026 01:46
Sources 1
About this happening:
A **global spam wave** is abusing **Zendesk support systems** to flood recipients with automated confirmation emails, bypassing spam filters and creating widespread confusion. The...
Zendesk relay spam wave abusing fake support tickets
CampaignAbout this happening: A **global spam wave** is abusing **Zendesk support systems** to flood recipients with automated confirmation emails, bypassing spam filters and creating widespread confusion. The...
Scattered Lapsus$ Hunters Zendesk targeting campaign
Campaign
First: 27.11.2025 11:30
Last: 27.11.2025 11:30
Sources 1
About this happening:
The **Scattered Lapsus$ Hunters** campaign is targeting **Zendesk users** with **typosquatted domains** and **malicious helpdesk tickets**, raising the risk of **credential theft*...
Scattered Lapsus$ Hunters Zendesk targeting campaign
CampaignAbout this happening: The **Scattered Lapsus$ Hunters** campaign is targeting **Zendesk users** with **typosquatted domains** and **malicious helpdesk tickets**, raising the risk of **credential theft*...
UpCrypter phishing campaign using fake voicemails and purchase orders
Campaign
First: 25.08.2025 19:04
Last: 25.08.2025 19:04
Sources 1
About this happening:
**UpCrypter** is being pushed through a **new phishing campaign** that uses **fake voicemails** and **purchase orders** to lure recipients into downloading malicious content. The...
UpCrypter phishing campaign using fake voicemails and purchase orders
CampaignAbout this happening: **UpCrypter** is being pushed through a **new phishing campaign** that uses **fake voicemails** and **purchase orders** to lure recipients into downloading malicious content. The...
Timeline
-
17.10.2025 14:26 2 articles · 7mo ago
Zendesk anonymous ticket abuse floods targeted inboxes
Initial DisclosureCybercriminals abuse Zendesk customer support workflows that allow anonymous ticket creation to send thousands of ticket notification emails into targeted inboxes, with messages appearing to come from customer domains such as [email protected] and brands including CapCom, CompTIA, Discord, GMAC, NordVPN, The Washington Post, and Tinder. Zendesk says the abuse affects customer accounts configured to allow anyone to submit support requests, and it is actively investigating additional preventive measures while advising authenticated ticket creation workflows and validation of support-request email addresses.
Show sources
- Email Bombs Exploit Lax Authentication in Zendesk — krebsonsecurity.com — 17.10.2025 14:26
- Email Bombs Exploit Lax Authentication in Zendesk — krebsonsecurity.com — 17.10.2025 14:26