Kaspersky has identified a surge in phishing attempts utilizing Google’s AppSheet no-code platform. Cybercriminals are exploiting this service to send deceptive emails that can evade numerous conventional security measures, reflecting a trend of using trusted cloud applications to target users. Kaspersky has previously reported on similar tactics involving Google services.
In these attacks, fraudsters dispatch emails appearing to come from the legitimate address noreply@appsheet.com, while employing counterfeit display names such as “GG Recruiting Team.” These messages often impersonate communications from well-known companies, including Google, Meta, Apple, Coca-Cola, and Volvo. Some of the emails simulate correspondence from recruitment departments, enticing recipients to “Schedule Your Appointment” for discussions about job opportunities.
When recipients click on the provided links, they are taken to a fraudulent site that initially collects personal information and preferred meeting times, subsequently redirecting them to a page designed to harvest credentials by requesting their Google or Facebook login information. In certain instances, the phishing link is omitted from the message, encouraging the victim to engage in further communication, presumably to obtain their credentials later.
Attackers can also acquire target email lists from external databases they control. Since the emails are sent from Google’s infrastructure, they often pass security checks such as SPF, DKIM, and DMARC, which significantly enhances the chances of successful delivery. Furthermore, AppSheet’s automation features allow attackers to send not only emails but also SMS messages, and all of this requires only a paid subscription to the service.
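Because these messages authenticate cleanly, a mail filter has to look at what the sender claims to be rather than at the SPF, DKIM and DMARC results. The following is an added example, not code from Kaspersky or Google: a header check that flags mail from noreply@appsheet.com whose display name or subject carries the brands and recruitment wording named in this article. The function names, the term lists as a scoring rule, and the two sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender address, brands and lure wording come from the article; the rule itself is an assumption.
PLATFORM_SENDER = "noreply@appsheet.com"
BRANDS = ("google", "meta", "apple", "coca-cola", "volvo")
LURES = ("recruiting", "careers", "schedule your appointment")

def auth_passed(msg):
    """True when Authentication-Results shows SPF, DKIM and DMARC all passing.
    Assumes the header was stamped by your own gateway, not copied from upstream."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return all(re.search(rf"\b{m}=pass\b", results) for m in ("spf", "dkim", "dmarc"))

def assess(raw):
    """Score one RFC 5322 message for platform-relayed brand impersonation."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    text = f"{display} {msg.get('Subject', '')}".lower()
    hits = [b for b in BRANDS if re.search(rf"\b{re.escape(b)}\b", text)]
    hits += [term for term in LURES if term in text]
    from_platform = addr.lower() == PLATFORM_SENDER
    return {
        "auth_pass": auth_passed(msg),
        "indicators": hits,
        # Authentication only proves the platform sent it, so it is not part of the verdict.
        "suspicious": from_platform and bool(hits),
    }

# Constructed sample messages (not captured mail).
AUTH = ("Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=appsheet.com; "
        "dkim=pass header.d=appsheet.com; dmarc=pass header.from=appsheet.com\n")
LURE_MAIL = AUTH + ('From: "GG Recruiting Team" <noreply@appsheet.com>\n'
                    "Subject: Schedule Your Appointment with Google Careers\n\nHello\n")
ROUTINE_MAIL = AUTH + ('From: "AppSheet" <noreply@appsheet.com>\n'
                       "Subject: Your weekly app usage report\n\nHello\n")

if __name__ == "__main__":
    for name, raw in (("lure", LURE_MAIL), ("routine", ROUTINE_MAIL)):
        print(name, assess(raw))
```

Both sample messages report `auth_pass` as true, and only the one with impersonation indicators is marked suspicious, which is why the authentication result is reported but kept out of the verdict.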
“Legitimate productivity tools can sometimes be misused by attackers. Kaspersky has tracked multiple campaigns where cybercriminals have taken advantage of Google Forms and Google Tasks to redirect users to fraudulent sites, and now we see AppSheet being utilized for phishing efforts. The abuse of trusted platforms complicates detection. Both individual and corporate users should carefully scrutinize communications they receive, even when they appear to come from reputable domains,” stated Anna Lazaricheva, a senior spam analyst at Kaspersky.
Kaspersky advises that individual users should verify any unexpected recruitment messages through official company channels, refrain from clicking on unsolicited links, and utilize Kaspersky Premium for AI-driven anti-phishing protection. Organizations are encouraged to implement reliable security solutions like Kaspersky Secure Mail Gateway to block such threats.
Photo Caption: A counterfeit invitation to arrange a meeting with Google Careers.