- Zendesk’s spam campaign continues despite new security features
- Attackers misuse support tickets to flood inboxes with strange, non-malicious emails
- Suspected DoS attack overwhelms Zendesk systems; the company admits that additional protection is needed
It seems that Zendesk’s recently introduced security features to deal with spam are not working because the bizarre spam campaign continues to this day.
Bleeping Computer reported users are once again being bombarded by dozens—even hundreds—of automated emails sent through various companies’ unsecured Zendesk support systems.
All emails are just weird – weird subject lines, weird content. They do not carry malware or links to phishing sites. Some people believe this is actually a Denial of Service (DoS) attack against Zendesk, which makes sense – if the company’s servers are overloaded and sending out fake emails, they can’t send legitimate ones.
To take steps to solve the problem
“Someone is DDoSing Zendesk support ticket systems and other account creation processes across the internet with my email right now. Anyone know what the attacker is hoping to achieve here?” wrote one user.
Zendesk is a customer service and support software platform that helps businesses manage customer communications. Among its features is the ability to allow unverified users to submit support tickets, which when done will automatically generate a confirmation email and send it to the email entered by the user.
The attacks were only discovered in late January 2026, when hackers went through huge lists of email addresses and created countless fake support tickets, turning Zendesk features into a mass spamming tool. Since emails originate from a legitimate Zendesk system, they bypass most spam filters and land directly in people’s inboxes.
At the time, the company told the media that it was tackling the problem by introducing new security features.
“We’ve introduced new security features to address relay spam, including improved monitoring and restrictions designed to detect unusual activity and stop it more quickly,” the company said. “We want to assure everyone that we are actively taking steps – and continuously improving – to protect our platform and users.”
It looks like Zendesk needs to take even more steps.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
