A new security report by CloudSEK highlights how attackers can exploit Zendesk’s platform to facilitate phishing attacks and investment scams, including romance baiting schemes. According to the analysis, Zendesk’s system, which allows users to create free subdomains during trial sign-ups, can be manipulated to resemble legitimate businesses. This vulnerability enables cybercriminals to create fake URLs that mimic real companies, giving them the opportunity to send phishing emails disguised as customer support messages or other trusted communications. As a result, users are at increased risk of falling victim to data theft and financial loss.
The report reveals that since 2023, CloudSEK has identified over 1,900 instances of Zendesk subdomains being registered with client keywords.
While many of these subdomains serve legitimate purposes, some have been abused by attackers for fraudulent schemes. By using brand-relevant keywords paired with numeric strings, attackers can make their malicious sites appear authentic. The lack of email verification for added users within Zendesk also allows attackers to send phishing emails directly to both corporate and personal inboxes, increasing the chances of successful engagement. These emails often bypass spam filters, making them more likely to land in primary inboxes.
Moreover, attackers can customize Zendesk’s Help Center pages, further enhancing the authenticity of their phishing attempts. The report emphasizes the serious risks associated with these vulnerabilities, including unauthorized access to sensitive customer data, financial loss from scams, and potential compliance issues if customer information is exposed. The use of these subdomains can enable attackers to impersonate legitimate companies effectively, undermining trust and exposing users to substantial harm. The combination of these factors makes Zendesk’s platform an attractive target for cybercriminals.
CloudSEK has disclosed its findings to Zendesk and recommended several risk mitigation strategies. These include blacklisting unfamiliar Zendesk subdomains, leveraging phishing and fake URL detection tools, and regularly training employees on phishing awareness. While no active campaigns using these tactics have been observed yet, the report urges organizations to act proactively to secure their operations and protect their customers. By addressing these vulnerabilities, businesses can reduce the likelihood of falling victim to such attacks.