Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Attackers Abuse Google’s AppSheet to Send Phishing Emails

    KnowBe4 Team | Sep 23, 2025

    Google WorkspacesHackread reports that attackers are abusing Google’s AppSheet platform to send phishing emails.

    The campaign was spotted by researchers at Raven, who warn that attackers are sending messages that impersonate AppSheet, informing users of phony trademark violations.

    Notably, the emails are sent from AppSheet’s legitimate infrastructure, making them more likely to bypass security controls and appear legitimate to human recipients.

    “As a Google Cloud service, AppSheet inherits the trust and reputation that organizations place in Google's infrastructure,” the researchers write. “When employees see ‘appsheet.com’ in their inbox, they naturally associate it with the same security standards they expect from Gmail or Google Drive....With millions of business users building applications on the platform, AppSheet communications are common in corporate environments, making malicious emails appear routine.”

    Attackers have abused AppSheet for this purpose since at least March 2025, accounting for a good chunk of global phishing emails. Attackers are always looking for ways to slip past security filters and are increasingly abusing legitimate platforms to evade detection.

    “This AppSheet campaign represents a broader trend of legitimate service abuse,” the researchers explain. “Attackers are discovering they can achieve better results by using trusted platforms rather than building their own infrastructure.”

    Erich Kron, security awareness advocate at KnowBe4, told Hackread in a statement, “The reliance on commonly used or well-known brands in social engineering attacks is nothing new; however, these attacks still remain quite effective....These types of attacks are meant to blend in with normal day-to-day activities, further increasing the trust level of the potential victim.”

    AI-powered security awareness training can give your organization an essential layer of defense by teaching your employees to recognize red flags associated with social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

    Hackread has the story.

    Topics: Phishing Cybersecurity Human Risk Management

    Discover Your Organization’s Phish-prone™ Percentage

    Ninety-one percent of data breaches begin with spear phishing. Launch our Free Phishing Security Test for up to 100 users to uncover your team's vulnerability and see how your security posture stacks up against industry benchmarks.

    Get Your Free Phishing Security Test

    Secure the Digital Workforce: Human + AI

    KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

    KnowBe4 Team

    ABOUT KNOWBE4 TEAM

    The KnowBe4 Team delivers timely, expert-driven insights on cybersecurity trends, emerging threat intelligence, human risk and agent security best practices, compliance strategies and industry research to help organizations strengthen their digital defense layer and stay informed, resilient, and secure.

    Read more from KnowBe4 »

    Subscribe to Our Blog

    Posts By Topic

    View All