A widespread spam campaign is once again targeting global inboxes, with many users receiving automated messages from compromised company support systems. The messages appear as legitimate customer service notifications, often with subject lines like "Activate your account," despite recipients never having contacted these businesses. Security professionals and other individuals report receiving hundreds of these emails in rapid succession.
This event mirrors a similar large-scale spam wave that occurred in January. In that incident, attackers abused public-facing Zendesk ticket forms to trigger automatic confirmation emails to vast address lists. The fraudulent emails bypass typical spam filters because they originate from genuine corporate Zendesk instances.
Following the earlier campaign, Zendesk stated it had implemented new protective measures to identify and halt such relay spam. The company had advised its customers to configure their systems to restrict ticket submissions to verified users only. However, this new wave of spam indicates that attackers may have found ways to circumvent those safeguards.
The apparent goal is to flood targeted email addresses with a high volume of messages. As of now, Zendesk has not publicly commented on this renewed abusive activity.
Read more...