For example, a teacher could have a Google Sheets file with student grades, and by using Google Apps Script, they would be able to send personalized emails automatically, saving hours of manual work.

“In short, Google Apps Script attacks may bypass local anti-phishing controls,” said Beggs, “however, the information that flags an attack remains present, and diligent users will be able to ...

Threat actors are abusing the trusted Google platform 'Google Apps Script' to host phishing pages, making them appear legitimate and eliminating the risk of them getting flagged by security tools.