Researchers have uncovered a new phishing campaign targeting Google Workspace organizations through fraudulent AppSheet-branded emails. The attack illustrates how traditional security controls become useless when attackers abuse legitimate infrastructure to deliver malicious content that sails past every deployed security filter.
You can find more details here: https://ravenmail.io/blog/appsheet-phishing-scam
Erich Kron, security awareness advocate at KnowBe4, commented:
“The reliance on commonly used or well-known brands in social engineering attacks is nothing new, however, these attacks still remain quite effective. Leveraging brands that are known to potential victims exploits the trust that these brands have worked so hard to establish. These types of attacks are meant to blend in with normal day-to-day activities, further increasing the trust level of the potential victim.
“While people can be suspicious about emails sent from spoofed accounts, by using a platform that sends from a known and trusted source, many technical filters and controls are bypassed, and a key red flag is taken away from the potential victim. It is important that people learn multiple ways to identify potential social engineering attacks, including identifying potentially harmful URLs and other traps.
“Organizations should be aware of attacks such as this and consider the importance of a strong and well-organized human risk management process. This includes technical controls and education.”
This is another example of why you always need to be on your toes as the bad guys in cyberspace are trying to stay one step ahead of you so that they can make your life miserable.
Like this:
Like Loading...
Related
This entry was posted on September 11, 2025 at 2:51 pm and is filed under Commentary with tags Ravenmail. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
New Phishing Campaign Leverages Google AppSheet to Steal Login Credentials
Researchers have uncovered a new phishing campaign targeting Google Workspace organizations through fraudulent AppSheet-branded emails. The attack illustrates how traditional security controls become useless when attackers abuse legitimate infrastructure to deliver malicious content that sails past every deployed security filter.
You can find more details here: https://ravenmail.io/blog/appsheet-phishing-scam
Erich Kron, security awareness advocate at KnowBe4, commented:
“The reliance on commonly used or well-known brands in social engineering attacks is nothing new, however, these attacks still remain quite effective. Leveraging brands that are known to potential victims exploits the trust that these brands have worked so hard to establish. These types of attacks are meant to blend in with normal day-to-day activities, further increasing the trust level of the potential victim.
“While people can be suspicious about emails sent from spoofed accounts, by using a platform that sends from a known and trusted source, many technical filters and controls are bypassed, and a key red flag is taken away from the potential victim. It is important that people learn multiple ways to identify potential social engineering attacks, including identifying potentially harmful URLs and other traps.
“Organizations should be aware of attacks such as this and consider the importance of a strong and well-organized human risk management process. This includes technical controls and education.”
This is another example of why you always need to be on your toes as the bad guys in cyberspace are trying to stay one step ahead of you so that they can make your life miserable.
Share this:
Like this:
Related
This entry was posted on September 11, 2025 at 2:51 pm and is filed under Commentary with tags Ravenmail. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.