These “job Applications” Are Actually Scams.
If you receive a text message from an unfamiliar number offering a job, it’s almost certainly a scam , and you likely know to ignore it, delete it, and move on. But a message from a recruiter with a link to a job application might give you pause—and the scammers hope you’ll trust them enough to hand over your personal information. Malwarebytes recently uncovered a phishing scam that uses fake Google Forms, posing as job application forms, to harvest user credentials.
How the Google Forms Job Posting Scam Works
This particular ad campaign uses a fake Google Forms website to mimic the real thing. Links sent to victims of the scam—likely via email or LinkedIn—direct to forms.google.ss-o[.]com, which appears to be a subdomain of the legitimate forms.google.com. (It isn’t.) The “ss-o” may be a signal of trust for the “single sign-on” feature and won’t arouse suspicion in many users. Each victim receives a personalized URL that leads to a (fake) Google Forms form inviting the user to apply for a job.
As Malwarebytes discovered, the fake page uses the standard Google Forms colors, title, and warnings. The form itself is hidden behind a pop-up window prompting users to “log in to continue.” Again, for a typical Google interface, this doesn’t look particularly suspicious. However, the login button redirects to a different domain, which has been used in numerous phishing attacks to harvest credentials.
Scammers have long exploited Google apps to carry out phishing attacks. In 2025, a campaign targeting students, faculty, and staff at American colleges and universities used Google Forms, impersonating legitimate educational institutions, to collect credentials entered directly into the form. (Google warns against this.) Numerous attacks on Gmail users exploited shared Google Docs documents to redirect victims to a fake login page.
How to avoid phishing attacks using your Google credentials
As always, the first sign of a scam is a link sent as part of an unsolicited job offer—even if it leads to a seemingly legitimate website. Scammers use a variety of tricks to spoof URLs and use recognizable domains to gain your trust. Always hover over hyperlinks to see the actual address before clicking them, and carefully check the URL for additions or spelling errors.
Additionally, be wary of any job applications submitted via Google Forms. Exercise due diligence and contact a real person rather than submitting sensitive personal information via Google Forms.
This is also a compelling reason to use a password manager that prevents you from entering your login credentials on a fake website. If your password manager displays a warning or prevents you from using autofill, don’t ignore it.