A new report from CloudSEK reveals threat actors are leveraging Zendesk’s free trial to create convincing phishing campaigns.
Zendesk offers a free trial for its platform, allowing users to register custom subdomains. While this feature is designed to empower legitimate businesses, it has been co-opted by threat actors. According to the report, “several clients have been alerted to such suspicious domains in the past 6 months, through XVigil’s Fake URL’s & Phishing Submodule.” These subdomains mimic the names of legitimate brands by combining brand-related keywords with numeric strings to deceive unsuspecting users.
Although no active campaigns have been documented yet, CloudSEK’s analysts have demonstrated a potential attack method. Dubbed the “Bait & Switch Mode,” the tactic involves:
- Subdomain Registration: Attackers register Zendesk subdomains mimicking a target company’s branding.
- Phishing Page Integration: These subdomains are customized to include phishing pages disguised as ticketing systems or support forms.
- Exploitation of Email Trust: Zendesk-generated emails land directly in recipients’ primary inboxes, bypassing spam filters due to their perceived legitimacy.
One scenario involved sending a phishing page disguised as a ticket assignment email. The report noted, “All email correspondence (tickets) landing on the Primary Inbox, instead of being marked as spam. This is pretty worrisome, as employees can mistake orchestrated campaigns of similar vein to be circulated by a trusted authority.”
The primary objective of these attacks is to steal sensitive information such as login credentials or financial data. This can lead to significant financial losses and reputational damage for both individuals and organizations.
CloudSEK urges organizations and individuals to remain vigilant. Blacklisting unknown Zendesk instances and educating employees about common phishing tactics can help mitigate the risk.
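One way to act on this advice, as an added example that is not taken from CloudSEK's report: the Python below pulls Zendesk hostnames out of a message body, passes instances on an allowlist, and flags unlisted ones that combine a brand keyword with a numeric string. The allowlist, the brand keyword `examplecorp` and the sample message are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed values for illustration: the organisation's approved Zendesk
# instance and the brand keyword an impersonator would reuse.
ALLOWED_INSTANCES = {"examplecorp.zendesk.com"}
BRAND_KEYWORDS = ("examplecorp",)
ZENDESK_SUFFIX = ".zendesk.com"
URL_RE = re.compile(r"https?://[^\s\"'<>()\[\]]+", re.IGNORECASE)

# Constructed sample: a ticket-assignment email body with three links.
SAMPLE = (
    "Ticket #4821 has been assigned to you. Open it at "
    "https://examplecorp-2024.zendesk.com/agent/tickets/4821 or see "
    "https://examplecorp.zendesk.com/hc and "
    "https://helpdesk-team.zendesk.com/hc/en-us"
)


def zendesk_hosts(text):
    """Return the set of *.zendesk.com hostnames linked in a message body."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        if host.endswith(ZENDESK_SUFFIX):
            hosts.add(host)
    return hosts


def classify(host):
    """Return 'allowed', 'lookalike', 'brand-unlisted' or 'unknown'."""
    if host in ALLOWED_INSTANCES:
        return "allowed"
    label = host[: -len(ZENDESK_SUFFIX)].split(".")[-1]
    # Drop separators so "example-corp-2024" and "examplecorp2024" match alike.
    compact = re.sub(r"[^a-z0-9]", "", label)
    if any(keyword in compact for keyword in BRAND_KEYWORDS):
        # Brand keyword plus digits is the naming pattern the report describes.
        return "lookalike" if re.search(r"\d", compact) else "brand-unlisted"
    return "unknown"


def triage(body):
    """Map every Zendesk host found in a message body to its verdict."""
    return {host: classify(host) for host in sorted(zendesk_hosts(body))}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{verdict:15} {host}")
```

Hosts that come back as `unknown` are the unlisted instances the report suggests blocking; `lookalike` results warrant review first.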