Scammers Are Hacking Zendesk Free Trials to Rip You Off

Last Updated: Tuesday, February 4, 2025

This week on Funnel Frontier: Heard about Zendesk? Hackers found a way in with free trials and are trying to scam everyone, not just Zendesk users.


This week:

  • Scammers are hacking Zendesk free trials to rip you off
  • Twilio’s 2025 comeback story: From losing millions to turning things around

 

Stat of the Week

Businesses leveraging mobile CRM platforms are 150% more likely to exceed their sales goals, showing the growing importance of mobility in CRM strategies. (CRM.org)

 

Scammers are hacking Zendesk free trials to rip you off

If you’ve ever felt like your inbox was a minefield of phishing emails, Zendesk may unintentionally be making it worse. 

A new report from CloudSek claims that scammers are exploiting Zendesk’s free trial infrastructure, turning it into a platform for phishing, data theft, and even “pig butchering” scams. Yeah, it’s as wild as it sounds.

Wait, what’s going on with Zendesk?

Here’s the short version: Zendesk’s free trial feature lets users create subdomains mimicking a legitimate company (think something like CompanyName-support.zendesk.com). Scammers are registering subdomains that look legit, using them to send out phishing emails, fake support tickets, and links to bogus customer service forms.

Since Zendesk is a legitimate company, these emails land right in recipients’ primary inboxes (not spam!), tricking people into thinking they’re interacting with real brands. The emails apparently carry an image hyperlinked to a phishing page, where the scam continues. 

The report also highlights how Zendesk’s lack of email verification makes it way too easy for attackers to pull this off. Yikes.

What about “Pig Butchering”?

It’s not just phishing on the menu. CloudSek warns Zendesk could also be used for “pig butchering” scams. (And no, this has nothing to do with farms.) 

These scams involve fraudsters building trust with targets over time, only to convince them to invest in fake schemes before vanishing with their money. The ruse is designed to last as long as possible, draining money from the victim until they realize they’ve been defrauded.

Although there’s no evidence of this happening on Zendesk yet, the platform’s vulnerabilities make it an attractive option for scammers looking to pull off these elaborate cons.

How scammers pull this off

Here’s how a typical phishing attack might go down:

  1. Create a Zendesk Account – The attacker sets up a subdomain mimicking a real brand.

  2. Send Phishing Emails – Using Zendesk’s tools, they send fake support tickets or requests to unsuspecting employees or customers.

  3. Collect Data – They harvest email addresses and other personal data using tools like RocketReach.

  4. Exploit Victims – Zendesk’s lack of email verification enables attackers to send phishing links to any added email address. 

A String of Warnings for Zendesk

If this sounds bad, it gets worse. This isn’t the first time Zendesk has been in the crosshairs for security issues. 

Just a few months ago, a 15-year-old ethical hacker exposed a vulnerability in Zendesk’s email system that allowed unauthorized access to support tickets. 

Spoofing protection? Non-existent. Predictable ticket IDs? Check.

How to stay safe?

So, what can you do if your business relies on Zendesk—or if you’re just trying to avoid falling victim to these scams? CloudSek offers a few tips:

  • Blacklist Suspicious Subdomains: Restrict access to any unverified Zendesk URLs.

  • Invest in Detection Tools: Consider tools like XVigil to monitor and alert on fake subdomains.

  • Educate Employees: Phishing training and awareness can be a game-changer in spotting fake support tickets or suspicious links.
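One way to act on the first two tips, as an added example that is not from CloudSek or Zendesk: triage URLs pulled from mail-gateway or proxy logs, and flag any zendesk.com tenant that embeds or closely resembles your brand but is not one you registered. The brand name, the verified-tenant list and the sample URLs are constructed placeholders.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Placeholders (assumptions, not from the article): your brand and the
# Zendesk tenant(s) your company has actually registered.
BRAND = "examplecorp"
VERIFIED_TENANTS = {"examplecorp"}
DIGIT_SWAPS = str.maketrans("01345", "oleas")  # fold look-alike digits

def zendesk_tenant(url):
    """Return the label left of .zendesk.com, or None for any other host."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    host = host.rstrip(".")
    if not host.endswith(".zendesk.com"):
        return None  # also rejects hosts like zendesk.com.login.example
    return host[: -len(".zendesk.com")].split(".")[-1]

def fold(text):
    """Fold digit swaps and drop everything but letters."""
    return re.sub(r"[^a-z]", "", text.lower().translate(DIGIT_SWAPS))

def classify(url):
    tenant = zendesk_tenant(url)
    if tenant is None:
        return "not-zendesk"
    if tenant in VERIFIED_TENANTS:
        return "verified"
    # Brand embedded in the label (examplecorp-support), or one
    # hyphen-separated token within a small edit of it (exampelcorp).
    tokens = [fold(t) for t in re.split(r"[-_]", tenant)]
    near = any(t and SequenceMatcher(None, t, BRAND).ratio() >= 0.8 for t in tokens)
    if BRAND in fold(tenant) or near:
        return "brand-lookalike"
    return "unverified"

# Constructed sample URLs, standing in for links seen in mail or proxy logs.
SAMPLE_URLS = [
    "https://examplecorp.zendesk.com/hc/en-us",
    "https://examplecorp-support.zendesk.com/requests/new",
    "http://examp1ecorp-help.zendesk.com/",
    "https://othervendor.zendesk.com/",
]

def triage(urls):
    """Map each URL to its verdict so alerts or block rules can key on it."""
    return {u: classify(u) for u in urls}
```

Anything marked brand-lookalike is a candidate for blocking and a takedown report; unverified tenants fall under the "restrict access" tip until someone confirms them.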

With these vulnerabilities stacking up, it’s clear Zendesk needs to prioritize security enhancements—stat. 

Until then, it’s a cautionary tale for SaaS platforms everywhere: even the best tech can become a scammer’s playground if left unchecked.

 

The Week @ CRM.org

Small Business CRM. When your business is small but your aspirations are big, and you're okay with explaining to everyone what “Bigin” means.

Free and Paid WordPress CRM Plugins. Ideas for turning your casual browser pit stop into a lead-generating station. 

Weekly Bloom

The Internet Wasn’t Born Yesterday: A Brief History. Remember dial-up? Yeah, the internet’s come a long way since those screechy tones. Buckle up for a quick tour through the wild ride that got us here.

 

Twilio’s 2025 comeback story: From losing millions to turning things around

Twilio’s transformation journey over the past two years has been anything but smooth. Its ambitious $3.2BN acquisition of Segment initially derailed the company, as it stretched itself thin trying to become a CX Swiss Army Knife—offering tools for marketing, sales, and more. Unfortunately, nobody asked for that.

Meanwhile, the SaaS market stumbled post-pandemic, and Twilio’s lack of profitability led to significant financial losses. By May 2023, the company recorded $1.38BN in annual net losses, prompting layoffs, divestitures, and leadership changes. With former CEO Jeff Lawson exiting under a cloud, Khozema Shipchandler stepped in to steady the ship.

Shipchandler’s strategy? Simplify. Instead of selling Segment, he chose to integrate it into Twilio’s core communications offerings, creating a cohesive platform powered by AI. This move aligned its Customer Data Platform (CDP) with its telephony roots, enabling customers to unlock greater value.

The results are promising. Twilio’s YoY net expansion rate rose from 101 percent in 2023 to 105 percent last quarter, showing better retention and growth within its enterprise accounts. Its customer base now exceeds 320,000, up by 14,000 in a year, and double-digit growth last quarter has buoyed optimism.

Financially, Twilio’s turnaround is striking. The company posted nearly $700M in profits and cash flow last year, while its stock price surged 141 percent in six months.

As Twilio sharpens its focus and innovation efforts, CEO Shipchandler is optimistic: “We’re uniquely positioned with leading communications and data capabilities, and AI will set us apart.”

With plans to deliver more than last year’s 251 products and capitalize on its newfound momentum, Twilio is gearing up for a 2025 comeback—and this time, it’s playing to its strengths.

 

Galactic Gourmet

CRM blips from around the web

ServiceNow Acquires Cuein to Supercharge AI-Driven CX. ServiceNow’s acquisition of Cuein brings AI-powered tools to analyze customer interactions and deliver actionable insights. This upgrade promises smarter, scalable customer service solutions for businesses.

Microsoft to Retire Dynamics 365 Unified Service Desk. Microsoft will phase out its Unified Service Desk (USD) by June 2028, urging teams to transition to the modern Customer Service Workspace (CSW), as CSW promises a smarter, more responsive agent experience.

AWS Launches Free Trial for Amazon Connect Contact Lens. AWS is offering first-time users of Contact Lens conversational analytics a 60-day free trial, including 100,000 voice minutes. Try AI-powered insights, real-time sentiment analysis, and auto-QA tools.

 

Astronomical Assets

Significant moves in the past 7 days

Stock                            Change             Close Price
Freshworks Inc. (NASDAQ: FRSH)   +2.37 (+13.67%)    19.75 USD
Oracle (NYSE: ORCL)              -21.59 (-11.63%)   164.00 USD

DISCLAIMER: None of this is financial advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets. Please be careful and do your own research.

 
