Fake Zendesk security notice spammed out, directs traffic to Canadian drug websites

I’m always on the lookout for breaking news about companies who might have had their systems hacked, so when I received the following email earlier today my interest was piqued.

Its subject line was “An important notice about security”.

Fake security notice, pretending to be related to Zendesk breach

We recently learned that the vendor we use to answer support requests and other emails (Zendesk) experienced a security breach.

Sign up to our free newsletter.
Security news, advice, and tips.

We're sending you this email because we received or answered a message from you using Zendesk. Unfortunately your name, email address and subject line of your message were improperly accessed during their security breach. To help keep your account secure, please:

* Don't share your password. We will never send you an email asking for your password. If you get an email like this, please let us know right away.

* Beware of suspicious emails. If you get any emails that look like they're from our Support Team but don't feel right, please let us know - especially if they include details about your support request.

* Use a strong password. If your password is weak, you can create a new one [LINK]

We're really sorry this happened, and we'll keep working with law enforcement and our vendors to ensure your information is protected.

Support Team

In a nutshell, the email claims to be from an online company which is using the Zendesk customer service portal to help it answer queries from customers.

ZendeskYou may even remember that Zendesk was hacked in February, and companies such as Tumblr, Twitter and Pinterest contacted some of their users to warn them that email addresses were possibly exposed.

What’s different this time is that the body of the email doesn’t really make clear *what* company is contacting me. Which seems strange.

Yes, the email mentions Zendesk – but just *who* is the company that was using Zendesk and has suffered as a result of the breach at Zendesk?

With no clear details in the email, the only way to find out is to click on the links… right?

Well, if you do that, you’ll find your browser taken on a journey which ultimately (via some temporary redirects) leads you to a Canadian pharmacy website, trying to sell you Viagra and Cialis:

Canadian Pharmacy website

In short, the whole email is a campaign – using the disguise of an important security notice (complete with sensible advice to use strong passwords, and be wary of unsolicited emails!) to trick you into clicking on the link.

These cybercriminals certainly have some gall.

Of course, whoever is behind this campaign could easily change the redirects to point to a more malicious webpage, or a phishing site if they wished. Which would make it even worse.

Interestingly, this isn’t the only way in which the spammers have been promoting this particular online drugs store.

Paul Baccas in SophosLabs uncovered for me that in the last 24 hours we have also had reports from customers who have received bogus Facebook notifications pointing to the same site.

Facebook-related spam message

We all probably know someone who is so addicted to Facebook, and stalking their friends’ online activity, that they wouldn’t hesitate from clicking on a link which they believed had come from the social network.

Remember to always practice safe computing online, including the rule about always being suspicious of unsolicited emails.

If you’re not careful, you might not only be visiting spammers’ websites – you could also potentially be putting your computer and its sensitive data in danger.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.