Is this legit?

Random email, no support tickets associated with my account on support.cloudflare.com. Why would free accounts automatically upgrade to paid on registration? Looks like a gnarly phish. We had something similar at my company where the Zendesk got taken over.
9 Replies
Nightbane (OP), 2mo ago
Putting in security as this is a security concern of phishing.
Chaika, 2mo ago
More context could be helpful, but Cloudflare indeed does use Stripe Identity Verification and T&S would be the one to send it. Their wording is a bit weird but they're just saying it because of the domain purchase, and it's been reported before they do verify identity sometimes after buying a domain: https://community.cloudflare.com/t/is-stripe-verification-legit/391389
Nightbane (OP), 2mo ago
Interesting, thank you! I asked the support person to add it to my support dashboard in Cloudflare. They "can't" lol. This is a really interesting attack vector from a security perspective. The first email support sent only said "This is a security check, click the link below. You have 24 hours to do so or your domains will be revoked"
rdm, 2mo ago
Does the email header include anything about the ZenDesk tenant? It would be an interesting attack vector.
Also, did you attempt any in-account purchases? (Domain, addon, etc)?
Nightbane (OP), 2mo ago
I did not! I bought some domains about a week ago since it's year end, but I transferred those the day of to my main business account. This email reached out to my personal, which is strange as well. At my company we had a really neat bug where password resets could be sent and the attacker used the Zendesk support email to take it over. They got paid out via bug bounty, but not my first time seeing a social engineering narrative built like this.
rdm, 2mo ago
Yea it's very interesting. I'm going to search through my email to see if any other random ZenDesk ticket that I've ever had includes like some identifying tenant info X-Zendesk-From-Account-Id: & Return-Path:. I'm not sure how you'd validate if it's authentic or not, if you don't have a known-good ID.
Nightbane (OP), 2mo ago
They refused to add it to the Salesforce support because "at this time this process is not connected to our support team".
rdm, 2mo ago
Based on things I've seen here in chat, the trust and safety team is unique in their standard operations. So, it is still plausible that the statement is true.
Nightbane (OP), 2mo ago
Yea, enterprise support confirmed it's legit as well. Support was super nice about it and got it all situated ❤️