- CloudSEK security researchers have observed hackers engaging in pig butchery scams.
- They pose as legitimate businesses through Zendesk services
- Researchers said Zendesk’s verification system wasn’t comprehensive enough
A new report from cybersecurity researchers CloudSEK has found that cybercriminals are abusing Zendesk to run brand impersonation scams, with hackers abusing Zendesk’s simple features to engage in “pig butchery” scams and cheat people out of their money.
Zendesk is a customer service and engagement platform that helps businesses manage customer interactions across different communication channels.
The platform allows users to register free trial accounts which, in turn, offer the ability to create subdomains, unfortunately allowing criminals to abuse them on a large scale.
Pig slaughter
First, they would create a fake subdomain, imitating a legitimate business, which would be used to send phishing emails pretending to be real customer support communications.
Since Zendesk is a legitimate company, emails often get past spam filters and, disguised by precise branding, land directly in people’s inboxes. The emails apparently contain an image hyperlinked to a phishing page, where the scam continues.
The aim of the scam is to trick people into investing in a fake investment platform or support page – a staple of pig butchery scams. The ruse is designed to last as long as possible, draining the victim’s money until they realize they have been defrauded.
The problem, according to CloudSEK, is that Zendesk does not perform thorough email validation when adding users to subdomains. “This monitoring allows attackers to target employees or customers with phishing attempts disguised as legitimate ticket assignments,” the researchers said.
Zendesk was informed of the flaw and its potential for misuse, in accordance with CloudSEK’s Responsible Disclosure Policy, CloudSEK concluded. We have contacted the company and will update the article if we receive a response.
