- New phishing -campaign found targeted at Google Classroom -Users
- Checkpoint has discovered and blocked the websites
- Hackers often use legitimate services to hide their attack
New research with checkpoint has revealed a large -scale social engineering campaign that sees hackers using Google Classroom to sacrifice students and teachers around the world.
A number of industries and companies were targeted in five coordinated waves of attacks containing over 115,000 phishing -e emails aimed at 13,500 organizations, with false invitations sent to promote ‘commercial offers’ such as SEO services or product spaces.
The attack is often undiscovered by security software because the piggybacks on Google Classroom’s legitimate infrastructure and bypassing traditional defense, the experts warned.
Phishing protection
To protect against attacks like these, checkpoint confirms the need for robust education for employees and members of your organization – and warns users to be very careful about unexpected invitations or communication.
“This incident emphasizes the importance of multi -layer defense,” confirms Checkpoint’s statement. “Attackers are increasingly weapons with legitimate cloud services -making traditional E -mail -gateways inadequate to stop developing phishing tactics.”
The research also recommends using AI-driven detection to analyze content, to extend the protection of social technology beyond just messaging and SaaS services and to continuously monitor cloud applications.
Criminals often use legitimate platforms and services to distribute social technical attacks or malware because it can help avoid detections. Earlier in 2025, hackers were observed bypassing security tools by mimicking legitimate login pages and stealing Microsoft legitimation information.
Microsoft’s Active Directory Federation Services (ADFS) connects an organization’s internal systems to Microsoft Services. In this campaign, Malvertising was used to distribute the phishing attack -and since the attack was not dependent on e -mail, traditional E -mail security filters were not effective.
Although social engineering attacks can be potent and compelling, they are primarily dependent on human error being effective – meaning that being careful and ensuring that all members of your organization are adequately trained and tested to spot attacks is the most effective defense.
