I’ve seen a few hundred of these emails in the past couple days coming in from multiple different companies.
I’m looking for more info.
at least one said it was zendesk, most did not say any software.
the tickets are being sent with CC addresses that contain large email lists. often others on the CC who don’t know what’s happening will reply “stop emailing me”.
so far I’ve seen this coming in to multiple addresses and none of the sending companies are familiar either.
sounds familiar to anyone? any info on this? it’s there a name i can lookup to find more info? i want to know what services this effects so i can properly protect my stuff and my work stuff.
Reply-all with “unsubscribe”
Edit: Jesus, y’all are dense.
that’s not going to stop the hacked system from spamming myself and every other customer they have. I would highly doubt if they even take the time to look at any replies let alone actually read them and unsubscribe anyone who asked for it… after the entire hack was over because I called one company and they were already aware of the hack and were trying to stop it.
I’m getting big “haha i was just pretending” vibes from that guy who wrote you a paragraph lol
My comment was to others who didn’t see that you used that sarcastic font when you hit post.
I didn’t downvote. 🤷
I’ve only seen four or five. What do you use to filter your emails?
other than specific filters and generic spam filter I have the “if content contains ‘unsubscribe’ then mark as read and never mark important”
Whose your email provider? Or do you self-host? If you have a provider you can report the spam to them so they can update their systems.
I’m using Google. I’ve done that too. protecting inboxes is step one for sure, but i also want to know the extent of this. it’s not enough for me to just block the emails and leave it at that.
if it keeps coming and i fail to block them all i want to have some info on the intent of this so I can properly educate others i work with to defend ourselves
Watch out for email footers like “This is important account information. You cannot unsubscribe from these emails.”.
oh, yeah. it’s not perfect but it sure does remove so much crap i don’t intend to read.
i recently missed an event invite because of it… luckily i was just a late responder and have not actually missed the event itself
i definitely have to “browse” the unimportant emails regularly
Why do you think anything is hacked? It’s trivially easy to send an email pretending to be someone else. There’s no validation.
Do they contain valid data or something?
I’ve seen hundreds of those and they’re mostly phishing attempts. this new one doesn’t look anything like that.
this one has multiple addresses in the CC field, at least one of which is always a predefined list on the senders side. and it’s otherwise a legit looking support ticket response.
but i want to know what’s the origin, what’s the vectors, and what’s the target.
Optional, but recommended. But doesn’t guarantee anything unless both sides respect it. Also, IP spoofing is a thing.
Email is a broken protocol. There’s a great copy pasta about why it can’t or won’t be fixed, which I unfortunately can’t find. But it boils down to the fact that you can’t get everyone to agree on, or implement, the fixes necessary to prevent spam.
This is someone abusing ticketing systems that send autoresponses. Nothing has been hacked, the best thing for you to do is make a mailbox filter rule that trashes those and move on.
The people operating the ticketing systems that are being abused will need to individually take action to deal with those incoming false support requests. They’re already aware of it, you don’t need to try and tell anyone.
Another thing to be aware of - sometimes malicious actors will do this in order to overwhelm your mailbox because they’re doing a identity theft or account takeover thing against you, so watch out for emails that say some password of yours was changed, or a purchase was made or something. This might not apply to you, you mentioned other recipients. But it’s still good to know.
Where seeing it as well. I’m unsure what the scam is. The ticket systems we saw don’t have any obvious connection to our industry. It is a lot of noise, but it wasn’t like a coverup spam, because it hit multiple users in the org at once. Really a strange thing.
i assume something just got popular with script kiddies, but i want to know what it is and what systems it effects so i can know if I’m protected or not.
gonna keep looking at least as long as i keep seeing this happening
Do yours have an onmicrosoft.com account CC’d? Both cases we have seen have had a different onmicrosoft.com account CC’d.
not sure if all of them did, but some did for sure. off looking address too
