MobileNews

Google Classroom invitations being abused to send spam emails, can’t be disabled

Google’s tools are once again being abused to send unwanted emails, with attackers now using Google Classroom to deliver spam.

Unwanted spam emails are nearly as old as email itself, with malicious groups constantly working on new tricks to have their messages bypass Gmail and Outlook spam filters. One of the best ways to get around a spam filter is to have an email come from a trusted sender, like Google. This is a strategy that attackers have employed countless times before.

The latest iteration, spotted by Artem Russakovskii, uses Google Classroom’s ability to send a class invitation to any email address. Before you click through, it should be noted that the example he shared is a bit NSFW.

As it stands today, Google Classroom is available to anyone and everyone with a Google Account, not just those with a paid Workspace account. By creating a classroom for free, you’re able to send an email invitation to anyone, including to those who don’t use a Gmail address. All an attacker needs to do is put their spam message into the class name and send out Google Classroom invitations. There doesn’t even seem to be a limit on how long the class name — and therefore spam message — can be.

Worse, as Russakovskii points out, there doesn’t seem to be a way to prevent Google Classroom from sending these unwanted spam invitations. The web app’s settings offer a toggle for “Email notifications,” but in our testing, this toggle does not consistently prevent invitation emails from being sent to your inbox.

The last time this type of issue cropped up was through the comments system in Google Docs, Sheets, and Slides, where one could tag any email address in a spam-filled document. It took over half a year for Google to roll out a solution, where it allowed people to block spammers and hide their unwanted files. Hopefully, this Google Classroom invitation spam will have a simpler fix.

More on Google Workspace:



Author: Kyle Bradshaw
Source: 9TO5Google

Related posts
AI & RoboticsNews

The show’s not over: 2024 sees big boost to AI investment

AI & RoboticsNews

AI on your smartphone? Hugging Face’s SmolLM2 brings powerful models to the palm of your hand

AI & RoboticsNews

Why multi-agent AI tackles complexities LLMs can’t

DefenseNews

US Army buys long-flying solar drones to watch over Pacific units

Sign up for our Newsletter and
stay informed!