Cybersecurity researchers at Check Point have revealed a massive phishing operation leveraging the trusted Google Classroom platform to launch over 115,000 fraudulent emails worldwide in early August 2025.
This sophisticated campaign targeted more than 13,500 organizations across multiple continents, deceiving recipients through fake classroom invitations.
Over a single week, attackers executed five coordinated waves of cyberattacks using Google Classroom’s invitation feature to distribute illegitimate messages masquerading as educational content. Instead of genuine lessons, these emails contained commercial proposals such as SEO service pitches and product reselling offers. The recipients were urged to engage with the scammers via WhatsApp, a method aimed at evading corporate email security and shifting communication off monitored platforms.
The tactic was effective because the bogus emails originated from Google’s own infrastructure, causing many traditional spam filters and security gateways to treat them as trustworthy, thereby letting them slip through. Check Point’s advanced protection tool, Harmony Email & Collaboration’s SmartPhish, was able to detect and block most of these deceptive messages, with additional defense layers preventing many others from reaching users.
Experts warn that this campaign exemplifies a growing trend where cybercriminals exploit reputable cloud services, making standard email defenses inadequate. Organizations are encouraged to educate employees on exercising caution with unexpected invites, even from familiar platforms and employ AI-enhanced detection systems that assess contextual cues rather than relying solely on sender reputation.
Businesses and educational institutions worldwide must reinforce cybersecurity strategies, multi-layered protections and user vigilance, as phishing operations become more complex. Organizations heavily reliant on Google services, should remain alert as similar scams could be adapted. Continuous efforts to educate and deploy sophisticated monitoring tools remain key defenses against these evolving threats.
