Cybersecurity researchers at Check Point have exposed a large-scale phishing campaign that hijacked Google Classroom, one of the world’s most trusted educational platforms, to distribute fraudulent emails. In just one week, attackers launched five coordinated waves, sending more than 115,000 phishing emails to 13,500 organizations across Europe, North America, the Middle East, and Asia. Instead of legitimate educational invitations, the emails carried spam offers ranging from reselling pitches to SEO services, luring recipients to contact scammers via WhatsApp to evade corporate security filters.
According to Check Point, the attack was particularly dangerous because the messages originated from Google’s infrastructure, making them appear credible and allowing them to bypass traditional email gateways. The cybersecurity firm explained that this highlights the growing trend of cybercriminals exploiting legitimate cloud platforms to evade detection.
While the campaign was widespread, Check Point reported that its Harmony Email & Collaboration SmartPhish technology blocked most of the malicious attempts, with additional layers preventing others from reaching end users.
The researchers warned that organizations must go beyond conventional defenses to stay protected against such attacks. Recommendations include educating employees to treat unfamiliar invitations cautiously, even from trusted platforms, deploying AI-powered detection tools to analyze context and intent, and extending monitoring beyond email to collaboration tools and SaaS services. They stressed that social engineering tactics, such as redirecting victims to WhatsApp, remain a critical element of modern phishing schemes.
While the latest wave targeted organizations abroad, experts cautioned that Nigerian schools and businesses could also be vulnerable due to their growing reliance on Google services for remote learning and workplace collaboration. Nigeria’s National Information Technology Development Agency (NITDA) has already raised alarms about the rise of AI-driven phishing attacks in the country.
NITDA advised Nigerians to remain vigilant, warning that cybercriminals now use artificial intelligence to personalize attacks, tricking victims into revealing sensitive information such as bank details, usernames, and passwords