Job‑scam emails spike

A fake recruiter email can now arrive from a real Google system, which is why some job scams are landing in the main inbox instead of the spam folder. Local television stations in the United States reported this week that scammers are using Google AppSheet to send bogus hiring messages that look like ordinary recruiter outreach. (wtae.com) AppSheet is Google’s no-code app builder, and one of its normal features is automated email. Google’s own help pages show that an AppSheet “bot” can send messages when a trigger happens, like a manager approval request or a workflow update. (support.google.com) That normal feature is the opening scammers are abusing. The television report says attackers are creating their own AppSheet workflows and using them to blast out fake job offers that look polished enough to pass as recruiter messages. (mynbc5.com) The trick works because the message can come through trusted Google infrastructure instead of a throwaway domain full of spelling errors. Security reporting on earlier AppSheet phishing campaigns found that emails sent through AppSheet were more likely to bypass filters because they were delivered by legitimate AppSheet systems. (blog.knowbe4.com) This did not start with fake job offers. KnowBe4 Threat Labs said in May 2025 that it had been tracking AppSheet-based phishing since March 2025, including campaigns that impersonated Meta and tried to steal credentials and two-factor authentication codes in real time. (blog.knowbe4.com) KnowBe4 said the biggest spike it saw came on April 20, 2025, when 10.88% of the phishing emails its Defend product blocked worldwide were sent from AppSheet. That number helps explain why a local job scam story is really part of a much larger shift toward criminals hiding inside trusted business tools. (blog.knowbe4.com) Google says it knows this is happening. In a statement carried by multiple local outlets, a Google spokesperson said the company had blocked the accounts and apps violating policy and added automated protections aimed at stopping similar abuse of AppSheet communication features. (98online.com) That still leaves one hard problem for job seekers: a real company can email you first, and a scammer can now imitate that style from a platform people already trust. New Jersey’s Cybersecurity and Communications Integration Cell has been warning users not to act on unsolicited messages and to verify requests through official contact information they find themselves. (cyber.nj.gov) For a job email, that means checking whether the role exists on the employer’s actual careers page, whether the recruiter has a verifiable profile, and whether the process jumps too fast to forms, logins, or payment requests. Government and state security advisories keep repeating the same rule: do not click first and investigate later. (cyber.nj.gov) The old phishing tell was a bad sender address. The newer version is worse: a clean-looking message sent through a real platform, with the lie moved into the job offer, the link, or the form waiting on the next click. (blog.knowbe4.com)