What happened
A new wave of spam emails leveraging Zendesk systems has been reported, sending users fraudulent “activate account” messages in high volume. According to the report, recipients began receiving unsolicited emails that appeared to originate from Zendesk-powered infrastructure, instructing them to activate or confirm accounts through embedded links. While the messages mimicked legitimate service notifications, they contained malicious URLs that could lead to credential harvesting or other unwanted outcomes if followed. Security observers noted that the spam campaign relied on abusing Zendesk’s email ticketing and notification system to improve deliverability and evade simple spam filters, resulting in widespread inbox flooding. There was no indication that the underlying Zendesk platform was breached; rather, threat actors appeared to be using misconfigured or abused integration points to trigger the high volume of messages.
Who is affected
Users receiving the unsolicited “activate account” emails are affected, as engagement with the deceptive messages may expose them to credential theft or other malicious actions prompted by the embedded links.
Why CISOs should care
Spam campaigns that exploit trusted ticketing and notification infrastructure like Zendesk can bypass traditional filters and increase the likelihood of user interaction with malicious content, elevating credential and phishing risk organization-wide.
3 practical actions
- Enhance email filtering rules. Update spam and phishing detection policies to identify Zendesk-related abuse patterns.
- Educate users on deceptive messages. Teach stakeholders how to distinguish legitimate activation messages from spoofed ones.
- Monitor integration use. Review how support and notification systems are configured so that they cannot be abused for mass mailing.
