Hackers are also going back to school - major campaign hijacks Google Classroom to hit targets

  • New phishing campaign found targeting Google Classroom users
  • Check Point has detected and blocked the sites
  • Hackers often use legitimate services to disguise their attacks

New research by Check Point has revealed a large-scale social engineering campaign which sees hackers using Google Classroom to victimize students and educators across the world.

A range of industries and companies were targeted in five coordinated waves of attack containing over 115,000 phishing emails aimed at 13,500 organizations, with fake invitations sent promoting ‘commercial offers’ such as SEO services or product pitches.

The attack often goes undetected by security software because it piggybacks on Google Classroom’s legitimate infrastructure, bypassing traditional defenses, the experts warned.

Phishing protections

To protect against attacks such as these, Check Point reaffirms the need for robust training for employees and members of your organization - and warns users to be very cautious of unexpected invitations or communications.

“This incident underscores the importance of multi-layered defenses,” Check Point’s statement confirms. “Attackers are increasingly weaponizing legitimate cloud services—making traditional email gateways insufficient to stop evolving phishing tactics.”

The research also recommends using AI-powered detection to analyze content, to extend social engineering protections beyond just messaging and SaaS services, and to continuously monitor cloud applications.

Criminals often utilize legitimate platforms and services to distribute social engineering attacks or malware because it can help to evade detections. Earlier in 2025, hackers were observed bypassing security tools by mimicking legitimate login pages and stealing Microsoft credentials.

Microsoft’s Active Directory Federation Services (ADFS) connects an organization’s internal systems to Microsoft services. In that earlier campaign, malvertising was used to distribute the phishing attack - and since the attack didn’t rely on email, traditional email security filters weren’t effective.

Although social engineering attacks can be potent and convincing, they do primarily rely on human error to be effective - which means that being wary and ensuring all members of your organization are sufficiently trained and tested in spotting attacks is the most effective defense.
