Hackread reports that attackers are abusing Google’s AppSheet platform to send phishing emails.
The campaign was spotted by researchers at Raven, who warn that attackers are sending messages that impersonate AppSheet, informing users of phony trademark violations.
Notably, the emails are sent from AppSheet’s legitimate infrastructure, making them more likely to bypass security controls and appear legitimate to human recipients.
“As a Google Cloud service, AppSheet inherits the trust and reputation that organizations place in Google’s infrastructure,” the researchers write. “When employees see ‘appsheet.com’ in their inbox, they naturally associate it with the same security standards they expect from Gmail or Google Drive….With millions of business users building applications on the platform, AppSheet communications are common in corporate environments, making malicious emails appear routine.”
Attackers have abused AppSheet for this purpose since at least March 2025, accounting for a good chunk of global phishing emails. Attackers are always looking for ways to slip past security filters and are increasingly abusing legitimate platforms to evade detection.
“This AppSheet campaign represents a broader trend of legitimate service abuse,” the researchers explain. “Attackers are discovering they can achieve better results by using trusted platforms rather than building their own infrastructure.”
Erich Kron, security awareness advocate at KnowBe4, told Hackread in a statement, “The reliance on commonly used or well-known brands in social engineering attacks is nothing new; however, these attacks still remain quite effective….These types of attacks are meant to blend in with normal day-to-day activities, further increasing the trust level of the potential victim.”
AI-powered security awareness training can give your organization an essential layer of defense by teaching your employees to recognize red flags associated with social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Hackread has the story.
