Job scammers are using a Google tool to make their emails appear more legitimate — landing in users’ primary inboxes, bypassing spam filters and targeting recipients with job offers tailored to their experience.Take a closer look at one example shared with the National Consumer Unit:The email comes from noreply@appsheet.com. It’s polished, professionally written and offers a job that closely matches the recipient’s background.There’s just one problem: it’s a scam.The recipient who shared the message said he received several similar emails, all of which went straight to his main inbox instead of being flagged as spam. Several Reddit users have reported similar experiences in recent weeks.How it worksThe emails are sent using AppSheet, a Google platform that allows companies to build apps and automate tasks without coding.Google says scammers are exploiting that system by creating their own automated workflows to distribute phishing messages.A Google spokesperson provided the following statement: “We are aware of these phishing campaigns and have taken action to block the accounts and apps violating our policies. We have also implemented additional automated protections to detect and prevent similar abuse of AppSheet’s communication features. While our systems successfully block more than 99.9% of spam, phishing, and malware, we encourage users to remain vigilant. We recommend reporting any suspicious emails as ‘phishing’ within Gmail, which helps our AI models better identify and block evolving tactics in real-time.”What scammers are after Security researchers say these emails are often just the first step in a more complex phishing scheme.NordVPN provided the National Consumer Unit with research from its Threat Intelligence team, which identified a campaign in which attackers impersonate major brands, including Meta, Disney, Coca-Cola and Spotify. The campaign uses realistic recruitment emails, sometimes delivered through services like AppSheet, that direct victims to fake job portals.Researchers say contact lists are likely compiled through automated scraping of platforms like LinkedIn or sourced from previous data breaches. Victims who click links in the emails can be routed through a series of fake application pages before ultimately landing on a phishing site that prompts them to log in via Facebook to “proceed with the application.” The page is designed to capture credentials, potentially giving attackers control of the victim’s account and access to other connected services.What you should doIf you get an email like this, do not engage and report it as phishing.To confirm whether a job is legitimate, go directly to the company’s official website and apply through its listed channels.Stay Connected with the National Consumer UnitGet clear, actionable consumer reporting delivered across platforms.Follow National Consumer Correspondent Allie Jasinski for real-time updates, myth-busting videos and behind-the-scenes reporting on Instagram, TikTok and YouTube.Have a question you’d like us to investigate? Email us at askallie@hearst.com.
Job scammers are using a Google tool to make their emails appear more legitimate — landing in users’ primary inboxes, bypassing spam filters and targeting recipients with job offers tailored to their experience.
Take a closer look at one example shared with the National Consumer Unit:
Hearst Owned
A scam email that was recently sent to the National Consumer Unit
Hearst Owned
A closer look at the email, which shows the address replies would go to.
The email comes from noreply@appsheet.com. It’s polished, professionally written and offers a job that closely matches the recipient’s background.
There’s just one problem: it’s a scam.
The recipient who shared the message said he received several similar emails, all of which went straight to his main inbox instead of being flagged as spam. Several Reddit users have reported similar experiences in recent weeks.
How it works
The emails are sent using AppSheet, a Google platform that allows companies to build apps and automate tasks without coding.
Google says scammers are exploiting that system by creating their own automated workflows to distribute phishing messages.
A Google spokesperson provided the following statement:
“We are aware of these phishing campaigns and have taken action to block the accounts and apps violating our policies. We have also implemented additional automated protections to detect and prevent similar abuse of AppSheet’s communication features. While our systems successfully block more than 99.9% of spam, phishing, and malware, we encourage users to remain vigilant. We recommend reporting any suspicious emails as ‘phishing’ within Gmail, which helps our AI models better identify and block evolving tactics in real-time.”
What scammers are after
Security researchers say these emails are often just the first step in a more complex phishing scheme.
NordVPN provided the National Consumer Unit with research from its Threat Intelligence team, which identified a campaign in which attackers impersonate major brands, including Meta, Disney, Coca-Cola and Spotify. The campaign uses realistic recruitment emails, sometimes delivered through services like AppSheet, that direct victims to fake job portals.
Researchers say contact lists are likely compiled through automated scraping of platforms like LinkedIn or sourced from previous data breaches.
Victims who click links in the emails can be routed through a series of fake application pages before ultimately landing on a phishing site that prompts them to log in via Facebook to “proceed with the application.” The page is designed to capture credentials, potentially giving attackers control of the victim’s account and access to other connected services.
What you should do
If you get an email like this, do not engage and report it as phishing.
To confirm whether a job is legitimate, go directly to the company’s official website and apply through its listed channels.
Stay Connected with the National Consumer Unit
Get clear, actionable consumer reporting delivered across platforms.
Follow National Consumer Correspondent Allie Jasinski for real-time updates, myth-busting videos and behind-the-scenes reporting on Instagram, TikTok and YouTube.
Have a question you’d like us to investigate? Email us at askallie@hearst.com.
