
A large-scale active phishing campaign abusing Google Classroom, a platform trusted by millions of students and educators worldwide, has been uncovered. The scope of the attack is staggering.
According to Check Point, a cybersecurity company, attackers launched five coordinated waves over the course of just one week, distributing more than 115,000 phishing emails aimed at 13,500 organizations across multiple industries.
Organizations in Europe, North America, the Middle East, and Asia are being targeted, researchers say.
The targets are mostly educational institutions, as Google Classroom is a platform designed to connect teachers and students through invitations to join digital classrooms.
The cybercriminals have been exploiting trust in the resource by sending fake “invitations” containing unrelated commercial offers, ranging from product reselling pitches to SEO services.
Each email directed recipients to contact scammers via a WhatsApp phone number, a tactic often linked to fraud schemes that moves the conversation to a channel outside the organization's monitoring capabilities.
“The deception works because security systems tend to trust messages originating from legitimate Google services,” Check Point explained in a blog post. “By piggybacking on Google Classroom’s infrastructure, attackers were able to bypass certain traditional security layers, attempting to reach inboxes at more than 13,500 companies before defenses were triggered.”
Check Point says that the incident – mostly under control now – “underscores the importance of multi-layered defenses.”
According to the researchers, organizations should train their employees to treat unexpected invitations cautiously and be aware that attackers increasingly push victims toward off-channel communication to evade enterprise controls.
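One way to back that training with a mail-gateway check, as an added example that is not from Check Point or the original article: a triage rule that keeps inspecting content even when the sender is Google Classroom, and flags WhatsApp contact lures. The sender domain `classroom.google.com`, the `no-reply` address, the regexes and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: Classroom notifications use this sender domain; confirm in your own mail logs.
CLASSROOM_DOMAIN = "classroom.google.com"
# Off-channel lure indicators: WhatsApp click-to-chat links, or the word
# "WhatsApp" followed closely by a phone-number-like run of digits.
WA_LINK = re.compile(r"https?://(?:wa\.me|(?:api|chat)\.whatsapp\.com)/", re.I)
WA_PHONE = re.compile(r"whats\s*app\D{0,40}\d[\d\s().-]{7,}\d", re.I)

def body_text(msg):
    """Join every decoded text/* part so HTML-only invitations are covered."""
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            out.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def triage(raw_message):
    """Return reasons to hold the message for review; an empty list means no match."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if not sender.endswith("@" + CLASSROOM_DOMAIN):
        return []  # rule only covers mail from the trusted Classroom sender
    text = body_text(msg)
    reasons = []
    if WA_LINK.search(text):
        reasons.append("whatsapp-link")
    if WA_PHONE.search(text):
        reasons.append("whatsapp-number")
    return reasons

# Constructed samples (not real campaign mail); the phone number is fictional.
LURE = ("From: Classroom <no-reply@classroom.google.com>\n"
        "Subject: Class invitation\n\n"
        "Grow your store with our SEO package. WhatsApp: +1 555 010 0199\n")
BENIGN = ("From: Classroom <no-reply@classroom.google.com>\n"
          "Subject: Class invitation\n\n"
          "Ms. Rivera invited you to join Biology 101.\n")
OTHER = ("From: Vendor <sales@example.com>\nSubject: Hi\n\n"
         "Chat with us: https://wa.me/15550100199\n")

if __name__ == "__main__":
    for name, sample in (("lure", LURE), ("benign", BENIGN), ("other", OTHER)):
        print(name, triage(sample))
```

Because these invitations are genuinely sent through Google's infrastructure, sender authentication results will pass; the rule works by scoring the body rather than the sender.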
Separately, AI is also making it easier for threat actors to harvest credentials anywhere in the world via phishing attacks.
For example, Darcula, the AI-enabled phishing-as-a-service platform, has been offering cybercrooks the chance to scam hundreds of thousands of victims in recent years.
The Darcula platform was offering cybercriminals 20,000 domains and 200 templates to spoof brands and steal credentials, targeting everything from postal services and tax agencies to telcos and airlines.