Kaspersky has uncovered a new phishing campaign that abuses legitimate Google Tasks notifications to steal corporate login credentials, underscoring a growing trend where cybercriminals exploit trusted cloud services to bypass security controls. By leveraging Google’s trusted @google.com email domain and notification system, attackers are able to evade many traditional email security filters and take advantage of users’ familiarity with well-known platforms.
In this campaign, victims receive an authentic-looking Google Tasks notification with the subject line “You have a new task.” The message is crafted to appear as if the recipient’s organization has adopted Google Tasks for internal workflows. To increase the likelihood of interaction, attackers introduce urgency through high-priority markers and short deadlines, pressuring recipients to act quickly without scrutiny.
When users click the embedded link in the notification, they are redirected to a fraudulent webpage disguised as an “employee verification” form. On this page, victims are asked to enter their corporate login details under the pretense of confirming their employment status. Once captured, these credentials can be exploited for unauthorized access to corporate systems, data theft, or as a gateway for further cyberattacks.
According to Roman Dedenok, Anti-Spam Expert at Kaspersky, this technique is part of a broader and persistent trend continuing into 2026, where cybercriminals misuse legitimate platforms to distribute phishing scams. Notifications originating from trusted domains are more likely to bypass spam and phishing defenses, while social engineering tactics that mimic internal company processes significantly lower users’ guard.
To mitigate the risk of such attacks, Kaspersky advises users to treat unsolicited notifications with caution, even if they come from trusted services, carefully inspect URLs before clicking, and avoid calling phone numbers listed in suspicious messages. Users should instead verify contact details through official service websites and enable multi-factor authentication on all accounts.
For organizations, Kaspersky recommends deploying Kaspersky Security for Mail Server, which provides multi-layered protection powered by machine learning to counter evolving email-based threats. Individual users are encouraged to use Kaspersky Premium, which includes AI-powered anti-phishing features designed to help prevent credential theft and strengthen overall cybersecurity posture.
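Because these notifications really are sent from google.com, sender reputation cannot separate them from legitimate mail. The sketch below is an added example, not code from Kaspersky or the original article: it triages a message using the subject line reported above plus knowledge of whether the organization uses Google Tasks at all. The `triage` function, the `ORG_USES_GOOGLE_TASKS` flag, the verdict names, the sender address and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: taken from your own SaaS inventory, not from the article.
ORG_USES_GOOGLE_TASKS = False
SUBJECT = "you have a new task"  # subject line reported in the article
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def triage(raw, org_uses_tasks=ORG_USES_GOOGLE_TASKS):
    """Return (verdict, urls) for one raw single-part message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    domain = sender.rpartition("@")[2]
    subject = (msg.get("Subject") or "").strip().lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    urls = URL_RE.findall(body)  # surfaced for analyst inspection
    from_google = domain == "google.com" or domain.endswith(".google.com")
    if not (from_google and subject == SUBJECT):
        return "not-applicable", urls
    # The sending domain is genuine, so the decision rests on context:
    # a task notification is unexpected where Google Tasks is not in use.
    if not org_uses_tasks:
        return "quarantine", urls
    return "review-links", urls

# Constructed sample input; the address and URL are placeholders.
SAMPLE_TASK = (
    "From: Google Tasks <tasks-noreply@google.com>\n"
    "Subject: You have a new task\n"
    "\n"
    "High priority. Due today: complete employee verification at\n"
    "https://verify.example.test/employee\n"
)
SAMPLE_OTHER = (
    "From: HR <hr@corp.example>\n"
    "Subject: You have a new task\n"
    "\n"
    "See the intranet for details.\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE_TASK))
    print(triage(SAMPLE_OTHER))
```
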

