Phishing Risks Rise as Zendesk Subdomains Facilitate Attacks
A new report by security researchers has revealed how Zendesk’s platform can be exploited to facilitate phishing attacks and investment scams, such as romance baiting schemes.
The findings emphasize social engineering vulnerabilities that could allow malicious actors to impersonate trusted companies and put users at risk of data theft and financial loss.
CloudSEK’s analysis, published on January 20, shows that Zendesk’s system, which allows users to register free subdomains during trial sign-ups, can be manipulated to create URLs resembling legitimate companies. Attackers can then use these subdomains to deliver phishing emails disguised as customer support tickets or other legitimate interactions.
The security firm said that since 2023, it had identified 1912 instances of Zendesk subdomains matching client keywords.
The report highlights that while many instances serve legitimate purposes, some are being registered for malicious activities, including impersonation and scams. Common tactics include using keywords tied to the target brand along with numeric strings to appear authentic.
Zendesk does not verify email addresses for added users, making it possible for attackers to send phishing emails to both corporate and personal accounts.
Additionally, emails from Zendesk subdomains often bypass spam filters and land directly in primary inboxes. This increases the likelihood of victim engagement. Attackers can also customize Zendesk’s Help Center pages to mimic actual companies, further enhancing the authenticity of phishing schemes.
Risk Mitigation Recommendations
The report warns of significant risks, including unauthorized access to sensitive customer data, financial losses from fraudulent schemes and compliance issues if customer data is exposed.
To mitigate these risks, CloudSEK advises:
- Blacklisting unfamiliar Zendesk subdomains
- Leveraging fake URL and phishing detection security solutions for proactive detection and takedown
- Conducting regular employee training on phishing awareness
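One way to apply the first recommendation to mail or proxy data, as an added example (not CloudSEK's or Zendesk's tooling): it pulls Zendesk subdomains out of text, compares them with an allowlist, and flags the brand-keyword-plus-digits pattern described above. The brand keyword `examplecorp`, the allowlist and the sample message are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumptions, not from the report: the brand keyword and the Zendesk
# subdomains the organisation really operates.
BRAND_KEYWORDS = {"examplecorp"}
OWNED_SUBDOMAINS = {"examplecorp"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample message body (no real domains or tenants).
SAMPLE_EMAIL = """\
Ticket update: https://examplecorp.zendesk.com/hc/en-us/requests/1
Verify account: https://examplecorp2024.zendesk.com/hc/en-us
Portal: https://example-corp-support.zendesk.com/hc
Other vendor: https://othervendor.zendesk.com/hc
Decoy: https://examplecorp.zendesk.com.invalid.example/login
"""


def zendesk_subdomain(url):
    """Return the label in front of .zendesk.com, or None for other hosts."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host.endswith(".zendesk.com"):
        return None  # also rejects hosts that merely contain the string
    return host[: -len(".zendesk.com")] or None


def classify(label):
    """Bucket a subdomain: owned, brand+digits, brand-lookalike, unfamiliar."""
    if label in OWNED_SUBDOMAINS:
        return "owned"
    squashed = re.sub(r"[^a-z0-9]", "", label)  # ignore hyphens and dots
    for keyword in BRAND_KEYWORDS:
        if keyword in squashed:
            rest = squashed.replace(keyword, "", 1)
            return "brand+digits" if re.search(r"\d", rest) else "brand-lookalike"
    return "unfamiliar"


def triage(text):
    """Map every Zendesk subdomain found in text to its bucket."""
    found = {}
    for url in URL_RE.findall(text):
        label = zendesk_subdomain(url)
        if label:
            found[label] = classify(label)
    return found


if __name__ == "__main__":
    for label, bucket in triage(SAMPLE_EMAIL).items():
        print(f"{label}.zendesk.com -> {bucket}")
```

Anything outside the `owned` bucket is a candidate for blocking or review; the `unfamiliar` bucket will include other vendors' legitimate help desks, so it needs a human decision rather than an automatic block.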
CloudSEK has disclosed these findings to Zendesk and recommended measures to address the vulnerabilities.
While no active campaigns have been observed using this method, organizations are urged to act preemptively to safeguard their operations and customers.