Security researchers have spotted a fresh Google AppSheet scam campaign that abuses the platform to send fake job offers from a trusted-looking service address. The hook is simple: a “dream job” pitch from what appears to be a legitimate company, followed by a request for personal details. The trick works because the messages can slip past spam filters and borrow Google’s reputation for credibility.
The fraud does not always rely on a classic phishing link, either. In some cases, the target is nudged into replying directly, which is easier to automate at scale and harder for users to spot before they have already engaged.
How the Google AppSheet scam works
According to Kaspersky, the messages come from the service address noreply@appsheet.com and are designed to look like outreach from major employers. AppSheet is a no-code Google platform, which is exactly why it can be abused: it gives attackers a legitimate delivery channel for email and SMS, not just a throwaway domain that security tools instantly distrust.
- Sender address: noreply@appsheet.com
- Theme: fake job offers and requests for personal data
- Delivery methods: email and, in some cases, SMS
- Trick: a link is not always required; a reply can be enough
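A triage check built from the indicators listed above, as an added example rather than code from Kaspersky or Google: it flags mail from the service address that combines a job pitch with a request for personal data, and it does not treat a missing link as a sign of safety. The keyword patterns, verdict names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

SERVICE_SENDER = "noreply@appsheet.com"  # sender address reported in the article

# Assumed keyword patterns (not from the article); tune them for your own mail flow.
JOB_RE = re.compile(r"\b(job offer|job opportunity|recruit\w*|hiring|vacancy|salary)\b")
DATA_RE = re.compile(r"\b(resume|cv|date of birth|phone number|passport|reply (?:to|with))\b")
URL_RE = re.compile(r"https?://\S+")

def triage(raw: str) -> dict:
    """Classify one RFC 5322 message against the campaign's indicators."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    text = (str(msg.get("Subject", "")) + "\n" + body).lower()

    result = {
        "from_service": sender == SERVICE_SENDER,
        "job_theme": bool(JOB_RE.search(text)),
        "asks_for_data": bool(DATA_RE.search(text)),
        "link_count": len(URL_RE.findall(text)),
    }
    # A reply can be enough, so link_count is reported but never lowers the verdict.
    if not result["from_service"]:
        result["verdict"] = "out_of_scope"
    elif result["job_theme"] and result["asks_for_data"]:
        result["verdict"] = "quarantine"
    elif result["job_theme"]:
        result["verdict"] = "review"
    else:
        result["verdict"] = "pass"
    return result

# Constructed sample messages, not real campaign mail.
SCAM = ('From: "Talent Team" <noreply@appsheet.com>\nSubject: Job offer: remote coordinator\n\n'
        "We reviewed your profile. Reply with your full name, phone number and resume.\n")
BENIGN = ("From: AppSheet <noreply@appsheet.com>\nSubject: Weekly inventory report\n\n"
          "The scheduled report is ready: https://example.com/report\n")
OTHER = ("From: hr@example.com\nSubject: Job offer\n\nPlease send your resume.\n")

if __name__ == "__main__":
    for name, raw in (("SCAM", SCAM), ("BENIGN", BENIGN), ("OTHER", OTHER)):
        print(name, triage(raw))
```

Because legitimate AppSheet notifications share the same sender, the verdict depends on content rather than on the address alone.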
Why trusted platforms keep getting abused
This is part of a familiar pattern: criminals are increasingly leaning on reputable cloud tools instead of obvious spoofing domains. Microsoft, Google, and other large providers have spent years hardening their email systems, yet attackers keep finding ways to use automation and account features against ordinary users. The result is a smaller red flag for victims and a larger headache for defenders.
For job seekers, the safest move is boring but effective: verify the recruiter through another official channel before sharing anything. If a hiring message arrives out of nowhere and asks for sensitive data, treat it like a sales pitch in a tuxedo – polished, persuasive, and not automatically trustworthy.
What users should do next
Kaspersky’s advice is straightforward: check every incoming message carefully, even if the sender looks legitimate. If an offer seems real, contact the company through its official website or phone number rather than replying inside the same thread. The scam only works if the target lets the platform do the convincing.

