SPAMMERS are abusing Zendesk to flood inboxes with emails that look legitimate, sent from the Zendesk instances of well-known companies such as Discord, Riot Games and Dropbox. Zendesk is a customer service platform that handles tickets, live chat and emails, and the attackers exploit its ability to create fake support tickets with email addresses that do not belong to the submitter. A December advisory described this method as relay spam, an abuse of a legitimate automated part of a process.
The emails often carry clickbait-like titles, and some reports note that there are no malicious links or phishing attempts within the messages themselves. Zendesk told BleepingComputer that it has introduced new safety features to detect and stop this spam, and the article recommends restricting who can submit tickets and the titles they can use.
In the meantime, readers are advised to delete or archive such emails and avoid interacting with links or numbers unless the ticket was submitted through verified channels, according to the article published on 23 January 2026.