Check Point researchers have revealed a large-scale phishing campaign exploiting Google Classroom. The platform is trusted by millions of educators and students worldwide.

The company reported that attackers launched five coordinated waves in just one week. They distributed more than 115,000 phishing emails targeting 13,500 organizations across several industries. Victims were located in Europe, North America, the Middle East, and Asia.

Attackers abused Google Classroom invitations to trick users. The fake invites contained unrelated offers, such as product reselling and SEO services. Each message pushed recipients to contact scammers via WhatsApp, a tactic often linked to fraud.

• Scale: 115,000 phishing emails sent between August 6–12, 2025
• Targets: 13,500 organizations across multiple sectors
• Method: Fake Google Classroom invites with WhatsApp contact links

Check Point revealed that attackers bypassed traditional defenses by using Google Classroom’s trusted infrastructure. Security systems often treat legitimate Google services as safe, allowing many phishing emails to slip through filters before detection.

The campaign was blocked by Check Point Harmony Email & Collaboration. The company announced that its SmartPhish technology automatically detected and prevented most of the attacks. Extra security layers stopped the remaining messages from reaching inboxes.

Experts warned that cybercriminals continue to weaponize legitimate services. They advised organizations to deploy multi-layered defenses, monitor cloud applications, and train employees to recognize suspicious invitations.

Check Point added that advanced, AI-powered detection is critical. The incident highlights how phishing campaigns are evolving and why companies must protect both email and collaboration tools.

David Meister, Global Head of MSSP at Check Point Software Technologies, explains: “Attackers are exploiting the very platforms people trust the most. This campaign shows that even tools from brands as trusted as Google can be weaponized, and organizations must secure them accordingly.”

Related post

View all