New Google AppSheet Phishing Scam Delivers Fake Trademark Notices
A phishing scam is exploiting Google’s trusted AppSheet platform to bypass email filters. Learn how hackers are using legitimate tools to trick Google Workspace users.
A new phishing campaign is tricking Google Workspace users by sending them emails that look like they’re from AppSheet, a trusted Google service. Recently published research from agentic AI solutions provider Raven AI reveals that attackers are now using legitimate platforms to evade standard email filters.
For your information, AppSheet is a no-code platform from Google that lets people create their own apps without writing computer code. Because it is a core part of the Google Workspace suite, emails from AppSheet are a common sight in corporate inboxes and are almost always considered safe. This inherent trust is precisely what the attackers are exploiting.
The reason this attack is hard to catch is that the hackers aren’t creating fake emails; they’re using the real thing. Their messages are sent from a legitimate @appsheet.com address ([email protected]), originate from Google’s own mail servers, and even pass all standard authentication checks like SPF, DKIM, and DMARC.
From a technical perspective, the emails are completely authentic. The attackers simply craft the content to be deceptive, using a subject line that claims to be a “trademark enforcement notice” and directing victims to a fake login page via a tricky URL shortener.
Image source: Raven AI
Raven’s AI-powered system, which initially detected the attack, noticed that the content of the email (a legal threat) was completely out of place for a notification from AppSheet. It also flagged the suspicious URL shortener, a clear indicator that the message was a scam.
Image source: Raven AI
This is not the first time AppSheet has been used in this way. Since March 2025, there has been a surge in these attacks, with a major peak observed on April 20th, when 10.88% of all global phishing emails were sent from AppSheet, according to KnowBe4 Threat Labs. This proves that AppSheet has become the attackers’ go-to platform for these kinds of scams.
Raven AI’s research team concluded that security teams must look further than authentication-based security. They argue that the alternative is a future where every legitimate service becomes a potential attack vector, and traditional email security becomes obsolete. That’s why security systems must become smarter, capable of analysing not just who sent a message, but whether the message makes sense coming from that sender.
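The sketch below is an added example, not Raven AI's system or code from the research: it shows a message that passes SPF, DKIM and DMARC still being flagged because its content does not fit the sender. The keyword list, shortener list, sample addresses and sample emails are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed lists for illustration; tune them to your own mail flow.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "rebrand.ly"}
LEGAL_TERMS = ("trademark", "infringement", "enforcement notice", "legal action")

def auth_passes(msg):
    """True when SPF, DKIM and DMARC all report pass in Authentication-Results."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return all(re.search(rf"\b{m}=pass\b", results) for m in ("spf", "dkim", "dmarc"))

def link_hosts(text):
    """Hostnames of every http(s) link found in the text."""
    return {urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s\"'<>)]+", text)}

def assess(raw):
    """Score content against what an app-notification sender normally sends."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Undecoded text parts only; enough for the plain-text samples below.
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    reasons = []
    if sender_domain == "appsheet.com":
        if any(term in text for term in LEGAL_TERMS):
            reasons.append("legal-threat content from an app-notification sender")
        if link_hosts(text) & SHORTENERS:
            reasons.append("link hidden behind a URL shortener")
    return {"authenticated": auth_passes(msg), "suspicious": bool(reasons), "reasons": reasons}

# Constructed samples: both authenticate cleanly, only the content differs.
HEADERS = ("From: AppSheet <example-sender@appsheet.com>\n"
           "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=appsheet.com;"
           " dkim=pass header.d=appsheet.com; dmarc=pass header.from=appsheet.com\n")
PHISH = (HEADERS + "Subject: Trademark Enforcement Notice\n\n"
         "Your page violates our trademark. Review the case: https://bit.ly/EXAMPLE\n")
BENIGN = (HEADERS + "Subject: Your app Inventory was updated\n\n"
          "Open the app: https://www.appsheet.com/start/EXAMPLE\n")

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, assess(raw))
```
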
**Expert Viewpoint**
Commenting on the findings, Erich Kron, security awareness advocate at KnowBe4, shared his perspective with Hackread.com, stating, “The reliance on commonly used or well-known brands in social engineering attacks is nothing new; however, these attacks still remain quite effective.”
He explained that by “leveraging brands that are known to potential victims,” hackers exploit the trust that these brands have worked hard to establish. “These types of attacks are meant to blend in with normal day-to-day activities, further increasing the trust level of the potential victim.”
Kron also noted that using a trusted platform removes a key “red flag” for victims, as “many technical filters and controls are bypassed.” He stressed the importance of people learning “multiple ways to identify potential social engineering attacks, including identifying potentially harmful URLs and other traps.”