Fake Zendesk security notice spammed out, directs traffic to Canadian drug websites


I'm always on the lookout for breaking news about companies who might have had their systems hacked, so when I received the following email earlier today my interest was piqued.

Its subject line was "An important notice about security".

Fake security notice, pretending to be related to Zendesk breach

We recently learned that the vendor we use to answer support requests and other emails (Zendesk) experienced a security breach.

We're sending you this email because we received or answered a message from you using Zendesk. Unfortunately your name, email address and subject line of your message were improperly accessed during their security breach. To help keep your account secure, please:

* Don't share your password. We will never send you an email asking for your password. If you get an email like this, please let us know right away.

* Beware of suspicious emails. If you get any emails that look like they're from our Support Team but don't feel right, please let us know - especially if they include details about your support request.

* Use a strong password. If your password is weak, you can create a new one [LINK]

We're really sorry this happened, and we'll keep working with law enforcement and our vendors to ensure your information is protected.

Support Team

In a nutshell, the email claims to be from an online company which is using the Zendesk customer service portal to help it answer queries from customers.

You may even remember that Zendesk was hacked in February, and companies such as Tumblr, Twitter and Pinterest contacted some of their users to warn them that email addresses were possibly exposed.

What's different this time is that the body of the email doesn't really make clear *what* company is contacting me. Which seems strange.

Yes, the email mentions Zendesk - but just *who* is the company that was using Zendesk and has suffered as a result of the breach at Zendesk?

With no clear details in the email, the only way to find out is to click on the links... right?

Well, if you do that, you'll find your browser taken on a journey which ultimately (via some temporary redirects) leads you to a Canadian pharmacy website, trying to sell you Viagra and Cialis:

Canadian Pharmacy website

In short, the whole email is a spam campaign - using the disguise of an important security notice (complete with sensible advice to use strong passwords, and be wary of unsolicited emails!) to trick you into clicking on the link.

These cybercriminals certainly have some gall.

Of course, whoever is behind this campaign could easily change the redirects to point to a more malicious webpage, or a phishing site if they wished. Which would make it even worse.
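To make the redirect journey described above concrete, here is an added example (not part of the original article) that walks a recorded redirect chain and flags temporary hops and a landing host that differs from the host in the emailed link. The hosts, the `CAPTURED` responses and the names `START` and `trace` are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample: (status, Location header) recorded for each URL in a chain.
# Every host is a placeholder under the reserved .example TLD.
START = "http://hacked-site.example/notice"
CAPTURED = {
    "http://hacked-site.example/notice": (302, "http://hop1.example/r?id=7"),
    "http://hop1.example/r?id=7": (307, "//hop2.example/go"),
    "http://hop2.example/go": (302, "http://pharmacy.example/"),
    "http://pharmacy.example/": (200, None),
}

TEMPORARY = {302, 303, 307}   # destination may change between visits
PERMANENT = {301, 308}

def trace(start, responses, max_hops=10):
    """Follow recorded redirects from `start`; return (hops, reasons to distrust)."""
    hops, seen, url = [], set(), start
    while True:
        if url in seen:
            return hops, ["redirect loop"]
        if len(hops) >= max_hops:
            return hops, ["too many hops"]
        seen.add(url)
        status, location = responses.get(url, (None, None))
        hops.append((url, status))
        if status not in TEMPORARY | PERMANENT or not location:
            break
        # Location may be absolute, relative or scheme-relative
        url = urljoin(url, location)
    reasons = []
    temp = sum(1 for _, s in hops if s in TEMPORARY)
    if temp:
        reasons.append(f"{temp} temporary redirect(s): destination can be swapped at any time")
    first, last = urlsplit(start).hostname, urlsplit(hops[-1][0]).hostname
    if first != last:
        reasons.append(f"link host {first} lands on {last}")
    return hops, reasons

if __name__ == "__main__":
    chain, why = trace(START, CAPTURED)
    for hop_url, hop_status in chain:
        print(hop_status, hop_url)
    print("flags:", why)
```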

Interestingly, this isn't the only way in which the spammers have been promoting this particular online drugs store.

Paul Baccas in SophosLabs uncovered for me that in the last 24 hours we have also had reports from customers who have received bogus Facebook notifications pointing to the same site.

Facebook-related spam message

We all probably know someone who is so addicted to Facebook, and stalking their friends' online activity, that they wouldn't hesitate to click on a link which they believed had come from the social network.

Remember to always practice safe computing online, including the rule about always being suspicious of unsolicited emails.

If you're not careful, you might not only be visiting spammers' websites - you could also potentially be putting your computer and its sensitive data in danger.


4 Responses to Fake Zendesk security notice spammed out, directs traffic to Canadian drug websites

  1. Denise · 586 days ago

    For the past several weeks I've been receiving emails that are purportedly from FaceBook Tech Support or Administration, requesting my attention for one matter or another. They are very convincing-looking and contain not only a supposed link to my Notifications, but also an "unsubscribe" from future notifications link at the end. The last one I received claimed that my profile could not be used. I know these are undoubtedly fake because they are going to an email address that I never gave to FaceBook. Needless to say, I have not responded.

    • john · 585 days ago

      I received the fake Zendesk spam at my gmail. It was sent from a hacked site I have never even browsed, and certainly never interacted with in any way Zendesk could have possibly been involved.

      The FaceBook "look" is so minimalistic, and many people see it so often, I think they're lulled into a sense of comfort by it. That plus if they haven't disabled email notifications for every single event that occurs there, they're going to tend to overlook the spams that don't come from FaceBook at all, but look just like they do.

      Gmail won't even show the uri for a link in an email in the spam folder. If you paste the part of the email body containing the links into a new email draft, your only options will be to change or remove the link.

  2. Hayley Kaplan · 585 days ago

    Ugggh. I got the Facebook one and clicked the link that took me to the exact site you referenced above. Since then, I am not accessing any financial sites on my computer in case I'm infected and I've taken several other precautionary steps as well. Since this is a common scam, is there any evidence that the site installs malware on computers that go there? I'm not finding evidence of that but I know that doesn't mean I'm not infected.

    I wrote the article below after this happened to me. http://what-is-privacy.com/2013/03/09/i-just-became-a-phishing-fool/

    I'd like nothing more than to remove all the new safeguards I've installed because they are slowing my computer down dramatically and making it very annoying to use. I'd love to hear if anyone knows what going to that site actually does besides direct us to a Spammy site.

  3. guest · 583 days ago

    The manner in which companies dole out legitimate correspondence full of embedded links makes it doubly challenging to teach the average user what to click/what not to click. Client satisfaction surveys and online billing notices are among the worst. The former, because companies generally conduct surveys through third party service providers that no one is going to recognize, plus the outreach email always has a dubious-looking link to the survey. The latter, because we anticipate the billing notice each month and typically click on the link to pay in the email out of convenience and habit.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.