Kaspersky Lab has warned of a surge in phishing emails with job offers. In the new scheme, attackers use Google AppSheet – a legitimate no-code application development platform. This makes the emails look more convincing and lets them bypass traditional spam filters more easily.
The scheme revolves around fake vacancies. Scammers register with AppSheet and send emails from the genuine service address noreply@appsheet.com, using plausible recruiting team names in the display name. The messages mimic offers from large tech companies, FMCG brands, or car manufacturers: the recipient is invited to discuss career opportunities and click a link to schedule a meeting.
Next, the user is asked to provide their name, contact details, and a convenient time for a call. After this, they may be redirected to another fraudulent page where login credentials for an account, such as Google, are requested. As a result, the person risks handing over confidential data to attackers.
There is another scenario: there may be no phishing link in the email. Instead, the victim is asked to reply to the “recruiting team” themselves. Presumably, after the correspondence begins, the scammers try to gradually extract credentials or other sensitive information.
The danger of the scheme is that the emails are sent through Google's infrastructure. As a result, they often pass SPF, DKIM, and DMARC checks, which usually help email services filter out suspicious messages. In addition, AppSheet can send not only emails but also SMS, and to launch such campaigns attackers only need to subscribe to a paid plan, even at the basic tier.
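An added example (not from Kaspersky Lab or the original article): a mail-filter heuristic in Python showing why a pass on SPF, DKIM, and DMARC cannot be treated as a trust signal for this scheme. It flags messages from the shared address noreply@appsheet.com whose display name looks like a recruiting team; the keyword list, function names, and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

PLATFORM_SENDERS = {"noreply@appsheet.com"}  # shared sender named in the article
# Assumption: illustrative keyword list; tune it against your own mail flow.
RECRUIT_WORDS = re.compile(r"\b(recruit\w*|talent|hiring|careers?)\b", re.I)

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    header = " ".join(msg.get_all("Authentication-Results", []))
    pairs = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)
    return {mech.lower(): verdict.lower() for mech, verdict in pairs}

def assess(raw):
    """Score one raw message; authentication alone never clears it."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    auth = auth_results(msg)
    authenticated = all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc"))
    reasons = []
    if addr.lower() in PLATFORM_SENDERS:
        # The domain is genuine, so the display name is the only sender
        # field the person who built the app controls.
        reasons.append("shared-platform-sender")
        if RECRUIT_WORDS.search(display):
            reasons.append("recruiting-display-name")
    return {"authenticated": authenticated, "reasons": reasons,
            "quarantine": len(reasons) == 2}

def make_sample(display, addr):
    """Build a constructed test message whose authentication checks all pass."""
    return "\n".join([
        f'From: "{display}" <{addr}>',
        "To: user@example.com",
        "Subject: Career opportunity",
        "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass",
        "",
        "Please schedule a meeting.",
    ])

SAMPLES = {  # constructed messages, not captured traffic
    "lure": make_sample("Talent Acquisition Team", "noreply@appsheet.com"),
    "app_notice": make_sample("Inventory App", "noreply@appsheet.com"),
    "unrelated": make_sample("Recruiting Team", "jobs@example.com"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, assess(raw))
```

All three samples authenticate cleanly; only the combination of the shared platform address and a recruiting-style display name sends a message to quarantine.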
Kaspersky Lab notes that scammers are increasingly using legitimate cloud services for attacks. The company has previously recorded similar schemes with Google Forms, Google Tasks, Google Sheets, and OpenAI. Now, AppSheet has been added to this list.
Experts advise checking any job offers through official company channels, not clicking on suspicious links, not entering logins and passwords on dubious pages, and enabling multi-factor authentication. Businesses are also advised to regularly train employees in digital security and use protective solutions for email and work devices.