A fresh spam outbreak is sweeping across the internet as users around the world report being inundated with automated emails that purport to come from legitimate customer support systems powered by Zendesk. The surge, first noticed at the beginning of February 2026, has forced many recipients to comb through hundreds of unsolicited messages — many with alarming subject lines like “Activate your account” — despite having no interaction with the companies in question.

How the Flood Started

Since early February, social media posts and security forums have lit up with users complaining of inboxes flooded with rapid bursts of automated email notices. The messages appear to be confirmation replies from support systems for companies users had never signed up with, creating confusion and concern among those affected.

Security researchers, including Jonathan Leitschuh, noted on LinkedIn that attackers appear to be “DDoSing Zendesk support ticketing systems and other account creation processes… with my email right now,” highlighting the scale and disruptive nature of the attack.

What Attackers Are Exploiting

Zendesk is a widely used customer support platform that allows companies to receive and respond to user queries through ticket systems that often send automated emails. Many Zendesk setups permit unverified users to create support tickets — a convenience feature designed to streamline customer contact. Unfortunately, this feature can be manipulated.

Attackers exploit this configuration by feeding large lists of email addresses into support forms, triggering Zendesk to automatically generate and send out confirmation emails to those addresses. Because these messages come via trusted corporate domains, they often bypass regular spam filters and land directly in recipients’ inboxes.

This technique isn’t a traditional breach of Zendesk’s internal systems — the core platform itself hasn’t been compromised — but rather a misuse of how some organizations have configured their ticket submission processes.

A Recurring Problem

This isn’t the first time such a spam wave has occurred. A similar attack last month also flooded inboxes worldwide with hundreds of ticket notifications, many bearing bizarre or misleading subject lines. At that time, companies including Dropbox and others confirmed they were affected by the campaign and advised users to ignore the messages. Zendesk said it had rolled out new safety features aimed at detecting and stopping such abuse more quickly.

Despite these efforts, the resurgence of spam suggests that misconfigured support portals remain vulnerable and that attackers continue to find ways to exploit available loopholes.

What Users and Companies Can Do

For individuals, the immediate advice is simple: be cautious. If you receive a support notification you didn’t request, do not click on any links or reply. While the current waves appear to be just noise — lacking clear malicious links or code — they could serve as precursors to more dangerous tactics in future campaigns.

For companies using Zendesk or similar platforms, tightening help desk security settings is key. Steps can include:

• Restricting ticket creation to verified users only
• Adding CAPTCHA protections to support forms
• Limiting automatic email replies when possible

These measures make it harder for automated bots to trigger mass email responses.

The Bigger Picture

The return of this spam wave is a stark reminder that even trusted infrastructure can be weaponized when automation and convenience clash with security. As attackers continue to probe for weaknesses in systems designed for ease of communication, both businesses and individuals need to remain vigilant about how automated messages are configured and delivered.