Cybercriminals Exploit Google Classroom in Massive Global Phishing, Raising Alarms for Nigeria’s Cybersecurity

In a large-scale coordinated phishing attack, hackers have exploited Google Classroom, a trusted global education platform, to distribute over 115,000 phishing emails targeting 13,500 organizations across Europe, North America, the Middle East, and Asia in just one week, cybersecurity researchers from Check Point have revealed.

Instead of delivering educational content, attackers sent fake Google Classroom invitations loaded with commercial spam offers—from reselling pitches to SEO services. Victims were pushed to reach scammers via WhatsApp, a tactic aimed at sidestepping corporate email security filters. The attackers’ use of Google’s own infrastructure allowed them to bypass many traditional defenses, increasing the danger of such fraud.

Check Point praised its Harmony Email & Collaboration SmartPhish technology for detecting and blocking most of the phishing attempts, noting that multi-layered cybersecurity is critical to thwarting such innovative threats.

Though Europe and other continents faced the brunt of this assault, experts are sounding urgent warnings for Nigeria’s cybersecurity landscape. As Nigerian organizations and educational institutions increasingly rely on Google services for remote learning and workplace collaboration, similar attacks could easily emerge locally, putting millions at risk.

Nigeria’s National Information Technology Development Agency (NITDA) recently cautioned citizens about the sharp rise in phishing attempts facilitated by Artificial Intelligence (AI). AI tools now enable attackers to conduct detailed research on targets, crafting personalized messages that lure users into surrendering sensitive data including passwords and financial information.

With phishing tactics evolving swiftly and criminals exploiting legitimate cloud platforms like Google Classroom, Nigerian businesses, schools, and internet users must exercise heightened vigilance. Cybersecurity experts recommend:

Educating users to be wary of unexpected invitations, even if from known platforms.
Deploying advanced, AI-powered detection tools that analyze communication context and intent instead of relying solely on sender reputation.
Monitoring beyond conventional email systems to include collaboration apps and messaging tools.

As Nigeria’s digital ecosystem grows, so does the urgency to build robust defenses against increasingly sophisticated cyber threats that exploit trusted platforms and social engineering techniques.

This evolving phishing campaign underscores the importance of proactive cybersecurity measures and continuous awareness in safeguarding Nigeria’s burgeoning digital space.