Cybercriminals Exploit Google Classroom in Global Phishing Campaign

Cybersecurity researchers at Check Point have uncovered a massive phishing campaign that weaponized Google Classroom, one of the world’s most trusted educational platforms, to target thousands of organizations worldwide.

In the span of just one week, attackers launched five coordinated phishing waves, sending more than 115,000 fraudulent emails to 13,500 organizations across Europe, North America, the Middle East, and Asia.

How the Scam Worked

Instead of genuine educational invitations, the emails contained commercial spam pitches, including offers to resell products and promote SEO services. Recipients were then urged to contact scammers via WhatsApp numbers, a tactic designed to sidestep corporate email security filters.

“Because the emails came through Google’s own infrastructure, many security systems initially trusted them, allowing attackers to bypass traditional gateways,” Check Point explained.

Despite the scale of the attack, Check Point said its Harmony Email & Collaboration SmartPhish technology successfully blocked the bulk of the phishing attempts, with additional safeguards preventing most remaining messages from reaching users.

Why It Matters

The incident highlights how cybercriminals are increasingly misusing legitimate cloud platforms like Google Classroom to bypass traditional defenses. Experts warn that email gateways alone are no longer sufficient, as attackers exploit trust in widely adopted services.

Check Point advises organizations to:

• Train employees to treat unexpected invitations cautiously, even from familiar platforms.
• Deploy AI-driven detection tools that assess context and intent.
• Extend monitoring beyond email to include collaboration apps and SaaS platforms.
• Stay alert to social engineering tactics that shift communication off official channels.

Nigerian Context

While the latest campaign primarily hit organizations outside Africa, experts caution that Nigeria is not immune. With rapid growth in remote learning and cloud adoption, attackers could replicate these tactics locally.

Nigeria’s National Information Technology Development Agency (NITDA) recently warned that phishing attacks are evolving with the use of Artificial Intelligence (AI), which enables criminals to craft highly personalized lures. NITDA noted that attackers often trick victims into opening infected attachments, clicking malicious links, or surrendering sensitive data such as banking details and login credentials.

As Nigeria’s cybersecurity landscape faces mounting phishing and fraud attempts, experts stress the importance of multi-layered defenses, staff awareness, and vigilance in spotting suspicious communications.