Nearly 13,500 education, healthcare, manufacturing, and finance organizations around the world, particularly in North America, Europe, and Asia, have been subjected to a sweeping phishing campaign exploiting the widely used educational platform Google Classroom earlier this month, GBHackers News reports.
Over 115,000 illicit emails have been delivered as part of the campaign between August 6 and 12, according to an analysis from Check Point researchers. Threat actors have crafted the emails to impersonate real classroom join requests with unrelated commercial lures aimed at deceiving recipients into communicating with an attacker-controlled WhatsApp number, which further cemented the clandestine nature of the operation. Such an attack campaign's reliance on social engineering for external fraud should prompt organizations to strengthen email systems' security defenses with machine learning-based models that could identify potentially malicious content, as well as implement multi-factor authentication, advanced threat protection layers, and regular security awareness training programs, said researchers.
Over 115,000 illicit emails have been delivered as part of the campaign between August 6 and 12, according to an analysis from Check Point researchers. Threat actors have crafted the emails to impersonate real classroom join requests with unrelated commercial lures aimed at deceiving recipients into communicating with an attacker-controlled WhatsApp number, which further cemented the clandestine nature of the operation. Such an attack campaign's reliance on social engineering for external fraud should prompt organizations to strengthen email systems' security defenses with machine learning-based models that could identify potentially malicious content, as well as implement multi-factor authentication, advanced threat protection layers, and regular security awareness training programs, said researchers.
