Global cybersecurity firm Kaspersky has issued an urgent warning regarding a sophisticated phishing campaign that leverages Google’s AppSheet platform to execute malicious attacks under the guise of employment offers. According to security researchers, cybercriminals are impersonating prominent global brands, including Google, Meta, Apple, Coca-Cola, and Volvo. The primary objective of these deceptive emails is to trick job seekers into revealing sensitive personal information and account login credentials.
The attackers are exploiting the legitimate functionality of Google’s AppSheet platform to send emails from the address noreply@appsheet.com. Because these messages originate from Google’s own infrastructure, they often appear highly credible and manage to evade standard email security filters that identify spam or phishing attempts. These emails typically direct users to fraudulent websites designed to harvest credentials for Google accounts or social media platforms. In some instances, the attackers initiate a conversation without providing any immediate links, aiming to build trust before delivering a malicious request.
Kaspersky’s analysis indicates that because the emails are delivered through Google’s infrastructure, they frequently get past checks based on traditional email authentication protocols such as SPF, DKIM, and DMARC. Furthermore, attackers can utilize the automated messaging features within AppSheet to distribute these phishing attempts via SMS as well. To gain access to these capabilities, malicious actors only require a paid AppSheet subscription, making the barrier to entry for this type of fraud relatively low.
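Because authentication results alone cannot separate these lures from ordinary AppSheet notifications, a mail-gateway rule has to look at content as well. The following triage sketch is an added example, not code from Kaspersky or Google; the sender address and brand list come from the article, while the keyword list, platform domains, signal names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender address and brand list come from the article; keywords, platform
# domains and signal names are assumptions made for this example.
APPSHEET_SENDER = "noreply@appsheet.com"
BRANDS = ("google", "meta", "apple", "coca-cola", "volvo")
JOB_TERMS = re.compile(r"\b(job|vacancy|recruit\w*|hiring|interview|career)\b", re.I)
URL_HOST = re.compile(r"https?://([a-z0-9.-]+)", re.I)
PLATFORM_DOMAINS = ("appsheet.com", "google.com")

def body_text(msg):
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload(decode=True).decode(errors="replace")
                     for p in parts if p.get_content_maintype() == "text")

def triage(raw):
    """Return the signals raised by one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if addr.lower() != APPSHEET_SENDER:
        return []  # this rule only covers the shared AppSheet sender
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    body = body_text(msg)
    text = f"{display} {msg.get('Subject', '')} {body}"
    signals = []
    # A pass shows the platform sent the mail, not who wrote its content.
    if all(f"{m}=pass" in auth for m in ("spf", "dkim", "dmarc")):
        signals.append("auth-pass-shared-platform")
    if any(re.search(rf"\b{re.escape(b)}\b", text, re.I) for b in BRANDS):
        signals.append("brand-mention")
    if JOB_TERMS.search(text):
        signals.append("job-offer-wording")
    hosts = {h.lower().rstrip(".") for h in URL_HOST.findall(body)}
    if any(not any(h == d or h.endswith("." + d) for d in PLATFORM_DOMAINS) for h in hosts):
        signals.append("off-platform-link")
    return signals

def needs_review(raw):
    # Brand plus recruitment wording is enough; some lures carry no link at all.
    found = triage(raw)
    return "brand-mention" in found and "job-offer-wording" in found

# Constructed sample messages, not real traffic.
AUTH = "Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass\n"
LURE_LINK = AUTH + 'From: "Volvo Recruitment" <noreply@appsheet.com>\nSubject: Job offer\n\nhttps://careers-portal.example/login\n'
LURE_NO_LINK = AUTH + 'From: "Meta Hiring Team" <noreply@appsheet.com>\nSubject: Your application\n\nCan we schedule an interview?\n'
BENIGN = AUTH + 'From: "Inventory App" <noreply@appsheet.com>\nSubject: Stock report\n\nhttps://www.appsheet.com/start\n'
```

All three samples pass SPF, DKIM and DMARC, so only the content signals separate the two lures from the routine notification, and the link-free lure is still held for review.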
Anna Lazarecheva, a senior spam analyst at Kaspersky, emphasized that even legitimate and widely used online services can be repurposed as tools for cybercrime. She noted that while they have previously documented phishing campaigns that utilized Google Forms and Google Tasks, the current shift toward AppSheet highlights the evolving tactics of cybercriminals. She stressed that even when an email appears to originate from a trusted domain, verifying the communication is an essential practice for maintaining digital security.
Kaspersky has provided several recommendations for users to protect themselves against these threats. If an individual receives an unexpected job-related email or message, they should verify the legitimacy of the offer by contacting the organization through its official website or verified communication channels. Users should avoid clicking on suspicious links and ensure they have reliable security software installed on their devices. Organizations are also advised to implement robust email security solutions, such as Kaspersky Mail Gateway, and to conduct regular phishing awareness training for their employees. As cybercriminals continue to refine their methodologies, heightened vigilance remains the most effective defense against digital threats.
