If you receive a text from a random number offering you a job, it’s almost certainly a scam, and you likely know to ignore and delete the message and move on with your life. But a message from a recruiter with a link to an employment application may give you pause—and fraudsters are hoping that you’ll believe it just enough to hand over your personal information. Malwarebytes recently identified a phishing scam that uses fake Google Forms posing as job applications to harvest user account credentials.
How the Google Forms job scam works
This specific campaign involves a fake Google Forms site that impersonates the real thing. Links sent to scam targets—likely via email or LinkedIn—direct to forms.google.ss-o[.]com, which looks like a subdomain of the legitimate forms.google.com. (It isn’t.) The “ss-o” may be a trust signal for “single sign-on” and fail to raise red flags for many users. Each target receives a personalized URL, which leads to a (fake) Google Form inviting the user to apply for a job.
As Malwarebytes found, the fake page uses the standard Google Forms colors, header, and disclaimers. The form itself is greyed out behind a pop-up prompting users to “sign in to continue.” Again, this doesn’t look particularly suspicious for a typical Google flow. But the sign-in button redirects to another domain that has been used in multiple phishing attacks to harvest credentials.
Fraudsters have long used Google apps to perpetuate phishing schemes. A 2025 campaign targeting students, faculty, and staff at U.S. colleges and universities used Google Forms that mimicked legitimate school communications to collect login credentials entered directly into the form itself. (Google warns you to never, ever do this.) And numerous attacks on Gmail users have leveraged shared Google Docs to direct victims to a fake sign-in page.
How to avoid phishing attempts on your Google credentials
As always, your first red flag for a scam is a link sent via an unsolicited job offer—even if that link goes to a seemingly legitimate site. Scammers have all kinds of tricks for spoofing URLs and using recognizable domains to gain your trust. Always hover over hyperlinks to see the actual destination before clicking, and look carefully for additions or misspellings in the URL.
What do you think so far?
Plus, you should probably be wary of any job application submitted via Google Forms. Do your due diligence in speaking with an actual human, and do not send sensitive personal information through Google Forms.
This is also a good reason to use a password manager, which won’t allow you to fill login credentials on a fake site. If your password manager gives you a warning or prevents you from using autofill, don’t override it.
