Hackers are abusing Zendesk to run brand impersonation scams

News
By
last updated

Zendesk's convenient features are great for hackers running pig butchering attacks

Phishing
(Image credit: wk1003mike / Shutterstock)
  • Security researchers observe hackers running pig butchering scams
  • They're impersonating legitimate businesses through Zendesk's services
  • The researchers said Zendesk's vetting system isn't thorough enough

Cybersecurity researchers CloudSEK have found criminals are abusing Zendesk to run brand impersonation scams, with hackers abusing simple program features to engage in “pig butchering” scams to trick people out of their money.

Zendesk allows users to register free trial accounts which, in turn, grant the ability to create subdomains, unfortunately allowing criminals to abuse it at scale.

First, they would create a fake subdomain, mimicking a legitimate company, which would be used to send phishing emails pretending to be actual customer support communication. Since Zendesk is a legitimate company, the emails often make it past spam filters and, disguised using accurate branding, land right into people’s inboxes. The emails apparently carry an image hyperlinked to a phishing page, where the scam continues.

Pig butchering

The goal of the scam is to get people investing in a fake investment platform or support page - a staple of pig butchering scams. The ruse is designed to last as long as possible, draining money from the victim until they realize they’ve been defrauded.

The problem, according to CloudSEK, is that Zendesk doesn’t perform thorough email validation when adding users to subdomains. “This oversight allows attackers to target employees or customers with phishing attempts masked as legitimate ticket assignments,” the researchers said.

Zendesk has been informed of the flaw and its potential for misuse, following CloudSEK's responsible disclosure policy, CloudSEK concluded.

We have reached out to the company and will update the article if we hear back.

Edit, January 23:

"Zendesk sees no evidence of any active campaigns utilizing the method described in the CloudSEK report," a spokesperson told TechRadar Pro via email. "Zendesk actively monitors the creation of accounts to prevent impersonation and immediately removes those that violate our policies."

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

More about security
Representational image depecting cybersecurity protection

OpenSSH vulnerabilities could pose huge threat to businesses everywhere
Digital image of a lock.

Xerox printer security risk could let hackers sneak into your systems
AOC Agon Pro AG276FK gaming monitor tilted slightly to the side, showing the Windows desktop screen

Windows 11 24H2 hasn’t raised the bar for the operating system’s CPU requirements, Microsoft clarifies
See more latest