Cybersecurity researchers at Check Point have uncovered a large-scale phishing campaign abusing Google Classroom, turning one of the world’s most trusted educational platforms into a tool for fraud.
In just one week, attackers launched five coordinated waves, distributing over 115,000 phishing emails targeting 13,500 organizations across Europe, North America, the Middle East, and Asia.
Google Classroom, designed to connect teachers and students, was manipulated by cybercriminals who sent fake classroom invitations.
How the phishing scam worked
According to Check Point, instead of educational content, the messages contained commercial spam offers, ranging from reselling pitches to SEO services.
Each email then pushed recipients to contact scammers through WhatsApp numbers, a common tactic to avoid corporate security filters.
“Because the emails came through Google’s own infrastructure, many security systems initially trusted them, allowing attackers to bypass traditional email gateways. This highlights why conventional defenses alone are no longer enough,” the cybersecurity firm stated.
- Despite the sophistication of the campaign, Check Point reported that its Harmony Email & Collaboration SmartPhish technology successfully detected and blocked most of the phishing attempts.
- Additional security layers prevented remaining messages from reaching end users, underscoring the importance of multi-layered protection in combating modern cyber threats.
Why this matters for organizations
Check Point warns that cybercriminals are increasingly exploiting legitimate cloud services like Google Classroom to evade detection. Traditional email gateways alone are no longer sufficient to block such attacks, as hackers adapt to exploit trust in widely used platforms.
The researchers recommend that organizations:
- Educate employees to treat unexpected invitations cautiously, even from familiar platforms.
- Deploy AI-powered detection tools that analyze context and intent, not just sender reputation.
- Extend monitoring beyond email to collaboration apps, messaging tools, and SaaS services.
- Stay alert to social engineering, as attackers often push victims to off-channel communications like WhatsApp.
Nigerian organizations not immune
While the attacks primarily hit Europe, North America, the Middle East, and Asia, Nigerian businesses and schools remain vulnerable given the country’s growing reliance on Google services for remote learning and workplace collaboration.
With education technology and cloud platforms rapidly expanding in Nigeria, experts warn that such tactics could easily be replicated locally to target unsuspecting users.
- Nigeria’s cybersecurity landscape is already under pressure from rising phishing and fraud attempts.
- In a recent advisory, the National Information Technology Development Agency (NITDA) advised Nigerians to be cautious of their activities on the internet as cybercriminals have upped their game in phishing attacks with the use of Artificial Intelligence (AI) tools.
- According to NITDA, AI now allows the attackers to conduct thorough research on their victims and create personalized messages to trick them into releasing their sensitive information.
- It noted that phishing attacks involve manipulating individuals into opening an infected email attachment, clicking on a malicious link, or giving up sensitive information, such as usernames and passwords or bank information.
