Emergency Response: Zendesk Ticket Systems Under Siege in Global Spam Attack

Massive Spam Wave Targeting People Worldwide

Individuals across the globe are currently facing a significant spam onslaught originating from unsecured Zendesk support systems. Reports indicate that victims are inundated with hundreds of emails featuring peculiar and, at times, alarming subject lines.

The onslaught of spam began on January 18th, with recipients taking to social media to share their experiences of receiving an overwhelming volume of emails.

Although the messages do not contain malicious links or clear phishing attempts, the sheer quantity and chaotic nature of the emails have left recipients confused and potentially anxious.

The spam emails are being generated through support platforms operated by companies utilizing Zendesk for customer service.

Attackers are exploiting Zendesk’s feature allowing unverified users to submit support tickets, which in turn trigger automated confirmation emails sent to the email addresses provided by the attacker.

By cycling through extensive lists of email addresses when creating fraudulent support tickets, attackers turn Zendesk’s automated ticket-confirmation replies into a mass-spamming tool.

Notable companies impacted by this spam wave include Discord, Tinder, Riot Games, Dropbox, CD Projekt (2k.com), Maya Mobile, NordVPN, Tennessee Department of Labor, Tennessee Department of Revenue, Lightspeed, CTL, Kahoot, Headspace, and Lime.

Wave of spam coming from unsecured ZenDesk instances
Source: BleepingComputer

The emails feature bizarre subject lines, some masquerading as law enforcement requests or corporate takedown notices, while others promise free Discord Nitro subscriptions or cry out “Help Me!” Many emails also utilize Unicode fonts to embellish or emphasize text in various languages.

Sample subject lines include:

  • FREE DISCORD NITRO!!
  • TAKE DOWN ORDER NOW FROM CD Projekt
  • LEGAL NOTICE FROM ISRAEL FOR koei Tecmo
  • TAKE DOWN NOW ORDER FROM Israel FOR Square Enix
  • DONATION FOR State Of Tennessee CONFIRMED
  • LEGAL NOTICE FROM State Of Louisiana FOR Electronic
  • 鶊坝鱎煅貃姄捪娂隌籝鎅熆媶鶯暘咭珩愷譌argentine恖
  • Re: TAKE DOWN NOW ORDER FROM CHINA FOR Konami Digital Entertainme
  • IMPORTANT LAW ENFORCEMENT NOTIFICATION FROM DISCORD FROM Peru
  • Thank you for your purchase!
  • Help Me!
  • Empty titles

Given that the emails originate from legitimate companies’ Zendesk support systems, they easily bypass spam filters, rendering them more intrusive and disconcerting than typical spam. However, lacking phishing links, the emails seem designed more to taunt recipients than to engage in malicious activities.

Several companies, including Dropbox and 2K, have acknowledged being affected by the spam wave. They have responded to the tickets, telling recipients not to worry and to disregard the emails.

2K stated, “You may have recently received an automated response or notification regarding a support ticket that you did not submit. We want to clarify why this might have happened and assure you there is no cause for concern.”

“To remove barriers and enhance your experience, our system allows anyone to submit a support ticket, provide feedback, and report bugs without having to sign up for a dedicated support account and verify their email address. This open policy means that anyone can potentially submit a ticket using any email address.”

“Please rest assured that we do not act on any account or process sensitive requests without authenticated, direct instruction from the account holder.”

Zendesk informed BleepingComputer that they have implemented new security features to detect and prevent such spam in the future.

“We’ve introduced new safety features to address relay spam, including enhanced monitoring and limits designed to detect unusual activity and stop it more quickly,” the company said.

“We want to assure everyone that we are actively taking steps – and continuously improving – to protect our platform and users.”

Zendesk had previously cautioned customers about this type of abuse in a December advisory, explaining that attackers were exploiting Zendesk to disseminate mass spam emails through what they termed “relay spam.”

The company advises organizations to mitigate such abuse by restricting ticket creation to verified users only and eliminating placeholders that permit the use of any email address or ticket subject.
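For teams that cannot restrict ticket creation immediately, the relay-spam pattern described above (one submitter opening tickets for many different requester addresses in a short time) can be flagged from ticket-creation logs. The following is an added example, not code from Zendesk or from the original article; the event fields (`ts`, `source_ip`, `requester`, `subject`), the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2000, 1, 1, 12, 0, 0)  # arbitrary base time for the constructed sample

def _ev(offset_s, ip, requester, subject):
    # Hypothetical event shape; not a Zendesk export format.
    return {"ts": T0 + timedelta(seconds=offset_s), "source_ip": ip,
            "requester": requester, "subject": subject}

# Constructed sample of unauthenticated ticket-creation events.
EVENTS = (
    # One source cycling through six different addresses in under a minute.
    [_ev(10 * i, "192.0.2.10", f"victim{i}@example.com", "Help Me!") for i in range(6)]
    # A real customer submitting twice from the same address (case differs).
    + [_ev(0, "198.51.100.7", "alice@example.org", "Login issue"),
       _ev(600, "198.51.100.7", "Alice@example.org", "Login issue")]
    # Shared office IP: distinct requesters, but an hour apart each.
    + [_ev(3600 * i, "203.0.113.5", f"staff{i}@example.net", f"Question {i}")
       for i in range(5)]
)

def find_relay_spam_sources(events, key="source_ip",
                            window=timedelta(minutes=5), max_distinct=3):
    """Return {group: peak count} for groups whose tickets name more than
    max_distinct different requester addresses inside one sliding window."""
    recent = defaultdict(deque)   # group -> (ts, requester) pairs still in window
    flagged = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent[ev[key]]
        q.append((ev["ts"], ev["requester"].strip().lower()))
        while ev["ts"] - q[0][0] > window:      # expire entries older than window
            q.popleft()
        distinct = len({addr for _, addr in q})
        if distinct > max_distinct:
            flagged[ev[key]] = max(flagged.get(ev[key], 0), distinct)
    return flagged

if __name__ == "__main__":
    print(find_relay_spam_sources(EVENTS))                  # grouped by source IP
    print(find_relay_spam_sources(EVENTS, key="subject"))   # grouped by subject
```

Grouping by `subject` instead of `source_ip` covers the case where the submitter rotates addresses but reuses ticket text; both thresholds need tuning against normal traffic for the help desk in question.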
