Good morning, and thank you Maurizio for the report.

On Fri, Sep 12 2025, maurizio lana wrote:

[...]

these days many Italian news outlets are talking about this report (published on August 25):
Phishing in the Classroom: 115,000 Emails Exploit Google Classroom to Target 13,500 Organizations
https://blog.checkpoint.com/email-security/phishing-in-the-classroom-115000-...

that Check Point article is "just" a frightful puff piece to promote its "security" services

I quote:

Google Classroom is designed to connect teachers and students through invitations to join digital classrooms. Attackers exploited this trust by sending fake invitations that contained unrelated commercial offers, ranging from product reselling pitches to SEO services. Each email directed recipients to contact scammers via a WhatsApp phone number, a tactic often linked to fraud schemes.
The deception works because security systems tend to trust messages originating from legitimate Google services. By piggybacking on Google Classroom’s infrastructure,

Piggybacking?!? [1]

The phishers (attackers?!?) simply managed (illegally?!?) to obtain the credentials to open their own "Classrooms" and used that platform to spread phishing instead of legit courses.

115,000 (estimated) phishing messages are an absolute zero in terms of the daily volume of SPAM and phishing; this episode does not change a thing compared to before, but _above all_ it is not something to build alarmist campaigns on.

Those wise guys at Check Point are taking advantage of the situation to artfully whip it up into a media case (amplified by the "sold by the kilo" generalist media) and to push their "AI-powered" solutions:

--8<---------------cut here---------------start------------->8---
How Check Point Blocked the Attack

Despite the attackers’ sophisticated use of trusted infrastructure, Check Point Harmony Email & Collaboration’s SmartPhish technology automatically detected and blocked the majority of these phishing attempts. Additional layers of security prevented the remaining messages from reaching end users.

This incident underscores the importance of multi-layered defenses. Attackers are increasingly weaponizing legitimate cloud services—making traditional email gateways insufficient to stop evolving phishing tactics.

What Organizations Should Do

- Educate Users: Train employees to treat unexpected invitations (even from familiar platforms) cautiously.
- Deploy Advanced Threat Prevention: Use AI-powered detection that analyzes context and intent, not just sender reputation.
- Monitor Cloud Applications: Extend phishing protection beyond email to collaboration apps, messaging platforms, and SaaS services.
- Harden Against Social Engineering: Be aware that attackers increasingly push victims toward off-channel communication (like WhatsApp) to evade enterprise controls.
--8<---------------cut here---------------end--------------->8---

The reality is that a minimum of common sense is enough to understand that an email like the one in the screenshot «Figure 1: Example of a phishing email leveraging Google Classroom» [2] reeks of phishing from 10 km away

...and _above all_ that one must not open random WhatsApp links!!! EVEN when the email comes from a domain that "smacks of Google".

[...]

Regards, 380°

[1] «to set up or cause to function in conjunction with something larger, more important, or already in existence or operation» https://www.merriam-webster.com/dictionary/piggyback

[2] https://web.archive.org/web/20250903100533im_/https://blog.checkpoint.com/wp...

[...]

--
380° (lost in /traslation/)

«Welcome to the chaos of the times
If you go left and I go right
Pray we make it out alive
This is Karmageddon»