- New Phishing campaign found addressed to Google Classroom users
- The control point has detected and blocked the sites
- Computer pirates often use legitimate services to disguise their attacks
A new research by Check Point has revealed a large -scale social engineering campaign that sees the computer pirates who use Google classroom to victimize students and educators worldwide.
A variety of industries and companies were attacked in five coordinated attacks containing more than 115,000 phishing emails aimed at 13,500 organizations, with false invitations sent to promote ‘commercial offers’ such as SEO services or product launch services.
The attack was often not detected by security software because Google Classroom legitimate infrastructure is noticed, avoiding traditional defenses, experts warned.
Phishing protection
To protect against attacks like these, the control point reaffirms the need for solid training for employees and members of your organization, and warns users to be very cautious of unexpected invitations or communications.
“This incident underlines the importance of multi -layer defenses,” confirms the checkpoint statement. “The attackers are increasingly assembling legitimate cloud services, which makes traditional email email doors not enough to stop evolving phishing tactics.”
Research also recommends using AI detection to analyze the content, extend social engineering protections beyond messages and SAAS, and to continuously monitor cloud applications.
Criminals often use legitimate platforms and services to distribute social engineering attacks or malware because it can help evade detections. At the beginning of 2025, computer pirates were observed without overlooking security tools imitating legitimate login pages and stealing Microsoft credentials.
Microsoft’s Active Directory Federation Services connects the internal systems of an organization with Microsoft services. In this campaign, Malvertishing was used to distribute Phishing’s attack, and since the attack did not depend on email, traditional email security filters were not effective.
Although social engineering attacks can be powerful and convincing, they depend mainly on the fact that human error is effective, which means that being cautious and ensuring that all members of their organization are sufficiently trained and proven to detect attacks is the most effective defense.
