Cybersecurity researchers at Check Point have uncovered a phishing campaign that hijacked Google Classroom to distribute fraudulent emails to thousands of organizations across multiple continents.
Within one week, attackers launched five coordinated waves of phishing attempts, sending more than 115,000 emails to 13,500 organizations in Europe, North America, the Middle East, and Asia. The scammers used fake Google Classroom invitations to disguise their messages, which contained not educational content but commercial spam such as reselling pitches and SEO offers.
Recipients were urged to continue the conversation on WhatsApp, a tactic designed to bypass corporate email filters. Because the messages came through Google’s infrastructure, many security systems initially trusted them, enabling attackers to slip past conventional defenses.
Check Point said its SmartPhish technology blocked most of the attempts but warned that the campaign highlighted how attackers are increasingly abusing legitimate cloud services to evade detection. The firm urged organizations to educate staff, deploy AI-powered monitoring tools, and extend surveillance beyond email to include collaboration apps and SaaS platforms.
Although the primary targets were outside Africa, experts warned that Nigeria remains vulnerable as schools and businesses expand their use of Google services. Analysts noted that local users could easily be tricked with similar tactics, underscoring the need for vigilance.
