Recruiting scams via Google tools

- Reporters say scammers are mimicking legitimate Google warnings and using Google AppSheet to send convincing fake job offers.
- Two outlets documented a Gmail account‑takeover scam and AppSheet‑based phishing landing directly in inboxes.
- The incidents highlight that recruiting channels themselves are attack surfaces recruiters and candidates must verify (dailymail.com) (ketv.com).

Scammers are using Google’s own tools to make fake recruiting emails and fake Google alerts look real enough to land in primary inboxes. (ketv.com)

KETV reported on April 9 that some job seekers received polished offers sent from `noreply@appsheet.com`, a real Google AppSheet address, with roles tailored to their experience. Google told the station it had blocked abusive accounts and added automated protections against similar AppSheet abuse. (ketv.com)

AppSheet is Google’s no-code app builder, which companies use to automate tasks like sending emails without writing software from scratch. In the scam KETV documented, attackers used those workflow features to distribute phishing messages that looked like normal recruiting outreach. (support.google.com) (ketv.com)

A separate campaign targeted Gmail users with fake account-security notices that appeared to come from Google and linked to counterfeit sign-in pages hosted on Google Sites. The Identity Theft Resource Center said on January 15, 2026, that the goal was to steal Google credentials that can unlock Gmail, Drive, YouTube and connected apps. (idtheftcenter.org)

That Gmail scheme built on older account-takeover tactics that start with recovery prompts and follow-up calls from people posing as Google support. PCMag reported in October 2024 that consultant Sam Mitrovic received repeated recovery notices and calls that used spoofed caller identification and a fake support email. (pcmag.com)

The common thread is trust in the sender and the platform. Messages tied to Google domains or Google-operated services can look safer to users and can slip past some filters that would catch a random lookalike domain. (idtheftcenter.org) (ketv.com)

Google’s public advice is blunt: don’t reply, don’t click suspicious links, and report the message inside Gmail. Google’s Gmail help pages say users who see a scam warning should mark the message as suspicious or phishing so the company can feed that signal back into its detection systems. (support.google.com 1) (support.google.com 2)

For recruiters, that means candidates may now need to verify even well-written outreach that arrives from familiar infrastructure. For job seekers, it means checking the company through its official careers page or a known contact before sending a résumé, clicking a form, or signing in anywhere. (ketv.com) (idtheftcenter.org)
