Cybersecurity researchers at Check Point have uncovered a phishing campaign that hijacked Google Classroom to distribute fraudulent emails to thousands of organizations across multiple continents.
Within one week, attackers launched five coordinated waves of phishing attempts, sending more than 115,000 emails to 13,500 organizations in Europe, North America, the Middle East, and Asia. The scammers used fake Google Classroom invitations to disguise their messages, which contained not educational content but commercial spam such as reselling pitches and SEO offers.
Recipients were urged to continue the conversation on WhatsApp, a tactic designed to bypass corporate email filters. Because the messages came through Google's infrastructure, many security systems initially trusted them, enabling attackers to slip past conventional defenses.
