CX Today reported:
Zendesk’s Infrastructure Is Being Exploited by Phishing & “Pig Butchering” Scams.
In a nutshell, attackers are using the free trial to register brand-like subdomains to create convincing interfaces for phishing, data theft, and financial fraud.
Below is a brief summary of how the scam could work in practice:
- Zendesk Account Setup: The attacker registers a Zendesk account using a subdomain that mimics the target company’s name.
- Fake Subdomain Creation: Admin access allows the attacker to invite users and send phishing emails disguised as legitimate ticket notifications.
- Phishing Setup: Invitations include links to phishing pages pretending to be support tickets.
- Data Collection: Tools like RocketReach help gather employee email addresses, targeting specific users for phishing.
- Exploitation: Zendesk’s lack of email verification enables attackers to send phishing links to any added email address.
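A defender can check for the brand-like subdomains described above by scanning inbound ticket-notification mail for `*.zendesk.com` links whose tenant name resembles the company's brand but is not the company's real tenant. The sketch below is an added example, not code from CX Today or Zendesk; the brand `examplecorp`, the allowlist, the similarity threshold and the sample message are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

BRAND = "examplecorp"        # assumption: the brand name to protect
ALLOWED = {"examplecorp"}    # assumption: the company's real Zendesk tenant(s)
HOMOGLYPHS = str.maketrans("013457", "oleast")  # 0->o 1->l 3->e 4->a 5->s 7->t
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample notification body (not real traffic).
SAMPLE = """Ticket #4821 was assigned to you.
View: https://examplecorp-support.zendesk.com/hc/requests/4821
Previous: https://examplecorp.zendesk.com/hc/requests/12
See also https://examp1ecorp.zendesk.com/agent and https://othervendor.zendesk.com/
Mirror: https://examplecorp.zendesk.com.example.net/login
"""

def normalize(label):
    """Fold digit look-alikes and drop hyphens: 'examp1e-corp' -> 'examplecorp'."""
    return label.lower().translate(HOMOGLYPHS).replace("-", "")

def zendesk_label(url):
    """Return the tenant label of a genuine *.zendesk.com host, else None."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return None
    if not host.endswith(".zendesk.com"):
        return None  # e.g. zendesk.com used as a prefix of another domain
    return host[: -len(".zendesk.com")].split(".")[-1]

def classify(url, threshold=0.8):
    """Label a URL as ignore / allowed / lookalike / other-tenant."""
    label = zendesk_label(url)
    if label is None:
        return "ignore"
    if label in ALLOWED:
        return "allowed"
    norm = normalize(label)
    score = SequenceMatcher(None, norm, BRAND).ratio()
    if BRAND in norm or score >= threshold:
        return "lookalike"  # brand-like tenant that is not ours
    return "other-tenant"

def scan(message):
    """Classify every URL found in a message body."""
    return [(url, classify(url)) for url in URL_RE.findall(message)]

if __name__ == "__main__":
    for url, verdict in scan(SAMPLE):
        print(f"{verdict:13} {url}")
```

Links classified as `lookalike` are candidates for quarantine and for an abuse report to the platform; `other-tenant` links are legitimate third-party help desks and are left alone.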
Find the original article with more on this scam here.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
