Red Hot Cyber


Phishing in the Classroom! 115,000 emails targeted 13,500 organizations with Google Classroom.

Redazione RHC : 10 September 2025 17:05

Check Point researchers have discovered a large-scale active phishing campaign exploiting Google Classroom, a platform trusted by millions of students and educators worldwide.

Over the course of a single week, attackers launched five coordinated waves, distributing more than 115,000 phishing emails targeting 13,500 organizations across various industries. Organizations in Europe, North America, the Middle East, and Asia were targeted.

A trusted tool transformed into a threat vector

Google Classroom is designed to connect teachers and students through invitations to join virtual classes. Attackers exploited this trust by sending fake invitations containing unrelated commercial offers, ranging from product resale to SEO services.

Each email directed recipients to contact scammers via a WhatsApp phone number, a tactic often linked to fraud schemes.

The scam works because security systems tend to trust messages from legitimate Google services. By exploiting Google Classroom’s infrastructure, attackers were able to bypass some traditional security layers, attempting to reach the email inboxes of over 13,500 companies before defenses were activated.

Anatomy of the Campaign

  • Scale: 115,000 phishing emails sent between August 6 and 12, 2025.
  • Targets: 13,500 organizations worldwide, across a variety of industries.
  • Decoy: Fake Google Classroom invitations containing offers unrelated to education.
  • Call to action: A WhatsApp phone number, designed to move the conversation away from email and corporate tracking.
  • Delivery method: Five main waves, each of which exploited the legitimacy of Google Classroom to evade filters.

How Check Point Blocked the Attack

Despite the attackers’ sophisticated use of trusted infrastructure, Check Point Harmony Email & Collaboration’s SmartPhish technology automatically detected and blocked most phishing attempts. Additional layers of security prevented the remaining messages from reaching end users.

This incident underscores the importance of layered defenses. Attackers are increasingly using legitimate cloud services, making traditional email gateways insufficient to block ever-evolving phishing tactics.

What organizations should do

  • Educate: Train users, students, and employees to treat unexpected invitations (even those from familiar platforms) with caution.
  • Advanced phishing threat prevention: Use AI-powered detection that analyzes context and intent, not just sender reputation.
  • Monitor cloud applications: Extend phishing protection beyond email to collaboration apps, messaging platforms, and SaaS services.
  • Defend against social engineering: Be aware that attackers are increasingly pushing victims to communicate outside of “official” channels (like WhatsApp) to evade corporate controls.
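
A simple content rule in the spirit of the recommendations above, as an added example (not Check Point's detection logic and not code from the article): it inspects mail carried by Google Classroom for a push toward WhatsApp instead of trusting the sender. The sender domain `classroom.google.com`, the keyword list and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption (not stated in the article): Classroom invitations arrive from this domain.
CLASSROOM_DOMAIN = "classroom.google.com"
WHATSAPP_LINK = re.compile(r"(?:wa\.me|api\.whatsapp\.com|chat\.whatsapp\.com)/", re.I)
PHONE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
# Offer types of the kind the article names; extend with your own terms.
OFFER_TERMS = re.compile(r"\b(seo|resale|resell|reseller|pricing|discount)\b", re.I)

def body_text(msg):
    """Concatenate all text/* parts so lures placed in HTML parts are seen too."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def classroom_lure_findings(raw):
    """Return the reasons a message looks like the lure described above (empty = clean)."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != CLASSROOM_DOMAIN:
        return []  # this rule only concerns mail carried by Classroom
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    findings = []
    if WHATSAPP_LINK.search(text):
        findings.append("whatsapp-link")
    if re.search(r"whats\s?app", text, re.I) and PHONE.search(text):
        findings.append("whatsapp-phone-number")
    if OFFER_TERMS.search(text):
        findings.append("commercial-offer")
    return findings

# Constructed samples, not real campaign messages.
LURE = """From: Sample Class <no-reply@classroom.google.com>
Subject: Class invitation: "Best SEO packages"

You have been invited to join a class.
Contact us on WhatsApp: +00 000 555 0100 for pricing.
"""
BENIGN = """From: Sample Teacher <no-reply@classroom.google.com>
Subject: Class invitation: "Biology 101"

Sample Teacher invited you to join Biology 101.
"""
```

A non-empty result is a reason to hold the invitation for review even though it passed sender-reputation checks.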

Attackers continue to find creative ways to exploit legitimate services like Google Classroom to gain trust, bypass defenses, and achieve large-scale goals. With over 115,000 emails in just one week, this campaign highlights the ease with which cybercriminals can weaponize digital platforms for fraud.

Recognized as a Leader and Outperformer in the 2025 GigaOm Radar for Anti-Phishing, Check Point Harmony Email & Collaboration provides the advanced, layered defense needed to protect organizations from phishing attacks, even when they hide in plain sight.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
