Kaspersky has identified a phishing campaign abusing Google’s AppSheet no-code platform to send convincing emails that may evade traditional security filters. Attackers use the legitimate sender address noreply@appsheet.com while spoofing trusted brands such as Google, Meta, Apple, Coca-Cola, and Volvo, often posing as recruitment teams. Victims are lured to fake websites that collect personal information and ultimately steal Google or Facebook login credentials. In some cases, attackers initiate conversations without including phishing links. Because emails originate from Google’s infrastructure, they often pass SPF, DKIM, and DMARC checks. AppSheet’s automation features also allow attackers to distribute phishing messages via SMS. Access to these capabilities requires only a paid AppSheet subscription, a press release said.

“Legitimate productivity services can often become tools in an attacker’s arsenal. Kaspersky has previously tracked several campaigns where attackers exploited Google Forms and Google Tasks for redirection to fraudulent pages, and now we see AppSheet used for phishing distribution. When trusted platforms are abused, detection becomes harder. Individual and corporate users should scrutinize communication they receive, even if it comes from trusted domains,” commented Anna Lazaricheva, senior spam analyst at Kaspersky.

Kaspersky recommends that individual users verify unexpected recruitment outreach directly through official company channels, avoid clicking unsolicited links, and use Kaspersky Premium with AI-powered anti-phishing protection. Organizations can use proven security solutions like Kaspersky Secure Mail Gateway that block threats of this kind.