Zendesk abused in brand scams

Learn how hackers exploit Zendesk subdomains for phishing and scams, including pig butchering schemes. Discover Moxso's tips to stay protected.

24-01-2025 - 7 minute read. Posted in: cybercrime.

Zendesk abused in brand scams

Hackers exploiting Zendesk for brand impersonation

Cybersecurity researchers from CloudSEK have uncovered a concerning trend in the misuse of Zendesk—a popular customer service and support platform—to facilitate brand impersonation scams. Attackers use malicious emails to exploit Zendesk’s legitimate subdomain registration system, enabling hackers to create convincing fake pages under trusted brand names.

How hackers are exploiting Zendesk

Zendesk allows companies to set up custom subdomains to manage customer interactions seamlessly. However, cybercriminals have identified a loophole in this process. They register subdomains associated with well-known brands, leveraging Zendesk’s credibility to deceive users. By setting up phishing pages on these subdomains, attackers can trick victims into sharing sensitive information such as login credentials, financial details, or other personal data.

The primary goal of phishing is to deceive individuals into taking a specific action, such as clicking on a malicious link, downloading a harmful file, or providing confidential information. Malicious links often lead to malicious websites that can download malware or harvest user credentials.

Once a victim clicks on a malicious link or provides sensitive information, the attacker can use this information to gain unauthorized access to accounts, steal identities, or install malware on devices. Malicious websites play a crucial role in phishing attacks by tricking users into providing sensitive information through deceptive means.

What makes this tactic particularly dangerous is the inherent trust users place in Zendesk’s platform. Victims are more likely to engage with a phishing page hosted on a Zendesk subdomain due to its association with a legitimate brand. This trust factor increases the success rate of the scams.

The mechanics of the scam

Here’s how the scam typically unfolds:

  1. Subdomain registration: Attackers create a Zendesk account and register a subdomain that mimics a legitimate brand, such as “brand-support.zendesk.com.”

  2. Phishing page creation: The attackers design a convincing phishing page hosted on this subdomain, often replicating the brand’s official website or support portal.

  3. Victim targeting: Using phishing emails, social media ads, or other communication channels, scammers lure victims to the fake Zendesk subdomain. Learn more about how attackers tailor emails to deceive users in our guide on what is spear phishing.

  4. Data harvesting: Once users enter their information on the phishing page, it is captured by the attackers for malicious use, such as identity theft or financial fraud.

The rise of pig butchering and phishing scams

In addition to Zendesk abuse, another alarming tactic gaining traction is known as “Pig Butchering.” This term refers to long-term social engineering scams where attackers build trust with their victims over weeks or months, often posing as potential romantic partners or business associates. Once trust is established, victims are lured into fraudulent schemes, such as fake investment platforms or cryptocurrency scams.

The term “pig butchering” originates from the idea of “fattening” the victim with trust and promises before “slaughtering” them by stealing their assets. These scams are highly organized and can involve multiple actors, making them particularly hard to detect and prevent.

For a deeper dive into social engineering, discover how hackers use social engineering to manipulate and deceive their victims.

The implications for brands and users' login credentials

This exploitation of Zendesk subdomains and the rise of pig butchering scams pose significant risks to both brands and their customers:

  • For brands: The misuse of their identity on a trusted platform damages their reputation and erodes customer trust. Phishing threats can lead to significant financial and reputational damage for brands. Businesses may also face legal and financial repercussions if customers fall victim to these scams.

  • For users: Victims may suffer financial losses, identity theft, or unauthorized access to personal accounts. The convincing nature of these phishing pages and long-term social engineering tactics make it challenging for users to differentiate between legitimate and fraudulent activities

Moxso’s advice for staying protected

At Moxso, we understand the evolving nature of cyber threats and the importance of staying ahead of attackers. Here are some steps businesses and individuals can take to safeguard themselves.

For businesses:

  1. Monitor subdomains: Regularly audit Zendesk and other platforms for unauthorized subdomain registrations.

  2. Strengthen security: Implement stricter controls for subdomain creation, including verification and monitoring for suspicious activity. Additionally, consider implementing phishing protection solutions to monitor and block sophisticated phishing attacks.

  3. Educate customers: Inform customers about the risks of phishing and social engineering and how to verify legitimate support pages.

For users:

  1. Verify URLs: Always double-check the URL of customer support pages. Look for discrepancies or unusual subdomains.

  2. Beware of unsolicited communication: Be cautious when clicking on links in emails or messages that claim to be from customer support or unknown individuals.

  3. Report suspicious activity: If you encounter a fake Zendesk subdomain or suspect a pig butchering scam or phishing attempt, report it to the brand, platform, and relevant authorities immediately.

Recovery and damage control

If you fall victim to a phishing attack, it’s essential to act quickly to minimize the damage. Here are some steps to take:

  • Change your passwords: Immediately change the passwords for all affected accounts, especially those that may have been compromised.

  • Notify banks and relevant authorities: Contact your bank and other financial institutions to inform them of the potential breach.

  • Check your accounts: Review all your accounts for unauthorized transactions or changes.

  • Enable two-factor authentication (2FA): Add an extra layer of security to your accounts by enabling 2FA, which requires a second form of verification to access your accounts. Learn more about why multi-factor authentication is important in our guide.

  • Track potential data or personally identifiable information (PII) leakage: Use a digital risk protection solution to search the dark web, criminal forums, or underground communities for leaked credentials or private data.

Taking these steps can help you regain control of your accounts and prevent further damage from the phishing attack.

Reporting phishing attacks

Reporting phishing attacks is crucial to combating these cyber threats. Here are some ways to report phishing attempts:

  • Report to the Federal Trade Commission (FTC): Visit the FTC’s website to file a report.

  • Notify internet service providers (ISPs): Inform your ISP about the phishing attack.

  • Report to an anti-phishing organization: Use platforms like the Anti-Phishing Working Group (APWG) to report phishing attempts.

  • Inform your organization: If the phishing attack occurred at work, notify your IT department or security team immediately.

By reporting phishing attacks, you can help authorities and organizations take action against cybercriminals and prevent future attacks.

Turning awareness into action

The abuse of Zendesk’s subdomain registration system and the rise of pig butchering scams underscore a growing trend in sophisticated cyber threats. Some common phishing attack examples include email spoofing and spear phishing, which are frequently used in these campaigns. Platforms, businesses, and users must work together to close these loopholes and stay vigilant against evolving tactics. As threat actors continue to innovate, awareness, education, and proactive security measures remain critical in the fight against cybercrime.If you’re curious to learn more about the different types of phishing, read our guide on what is phishing.

Author Sarah Krarup

Sarah Krarup

Sarah studies innovation and entrepreneurship with a deep interest in IT and how cybersecurity impacts businesses and individuals. She has extensive experience in copywriting and is dedicated to making cybersecurity information accessible and engaging for everyone.

View all posts by Sarah Krarup

Similar posts