- New phishing campaign found the targeting of Google class users
- The control point has detected and blocked sites
- Pirates often use legitimate services to hide their attacks
New research from Check Point has revealed a large -scale social engineering campaign that sees pirates using Google Classroom to victimize students and educators from around the world.
A range of industries and companies has been targeted in five waves of attack containing more than 115,000 phishing emails for 13,500 organizations, with false invitations sent by promoting “commercial offers” such as referencing services or product arguments.
The attack is often not detected by security software because there is pushes on the legitimate infrastructure of Google Classroom, by bypassing traditional defenses, have warned the experts.
Phishing protection
To protect against attacks like these, CheckPoint reaffirms the need for robust training for employees and members of your organization – and warns users to be very careful about invitations or unexpected communications.
“This incident highlights the importance of multilayer defenses,” confirms the checkpoint declaration. “Armament attackers increasingly the legitimate cloud services, which makes traditional bridges by e-mail insufficient to stop the evolution of phishing tactics.”
The research also recommends using the detection fueled by AI to analyze the content, to extend social engineering protections beyond messaging and SaaS services and to continuously monitor cloud applications.
Criminals often use legitimate platforms and services to distribute social engineering attacks or malware because it can help escape detections. Earlier in 2025, hackers were observed by bypassing the safety tools by imitating legitimate connection pages and stealing Microsoft identification information.
Microsoft Active Directory Federation Services (ADF) connect the internal systems of an organization to Microsoft services. In this campaign, malvertization was used to distribute the phishing attack-and as the attack was not based on emails, traditional e-mail safety filters were not effective.
Although social engineering attacks can be powerful and convincing, they mainly rely on human error to be effective – which means that they are wary and ensure that all members of your organization are sufficiently trained and tested to identify attacks is the most effective defense.
