Kaspersky has uncovered a new phishing scheme that abuses legitimate Google Tasks notifications to trick corporate users into revealing corporate login credentials. By leveraging Google's trusted @google.com email domain and notification system, attackers bypass traditional email security filters and exploit users' trust in familiar services.

In this campaign, victims receive an authentic-looking notification from Google Tasks with the subject line “You have a new task.” The message creates the illusion that the recipient's company has adopted Google's task management tool, pressuring them to act quickly. The notification often includes elements of urgency, such as a high-priority flag and a tight deadline, to prompt the victim’s immediate response.

[Image: An email sent by the attackers via Google Tasks]

Upon clicking the embedded link, users are directed to a fraudulent form disguised as an “employee verification” page, where they are asked to enter their corporate credentials under the pretense of confirming their status. These stolen credentials can then be used for unauthorized access to company systems, data theft, or further attacks.

“Google’s vast ecosystem of services gets exploited by scammers. The scheme with Google Tasks is part of a broader trend observed before and continuing into 2026, where cybercriminals misuse legitimate platforms to distribute scams and phishing. Notifications originating from legitimate domains naturally evade many spam and phishing filters, while the social engineering aspect – making it seem like an internal company process – lowers the victim’s guard,” comments Roman Dedenok, Anti-Spam Expert at Kaspersky.

Read the article about this tactic on Kaspersky’s blog.

To counter this and similar threats, Kaspersky recommends:

  • Treat unsolicited invitations from any platform with suspicion, even if they appear to come from trusted sources
  • Carefully inspect URLs before clicking
  • Do not call any phone numbers indicated in suspicious emails – if you need to call a service's support, it is best to find the phone number on the official webpage of that service
  • Report suspicious emails to the platform provider and use multi-factor authentication for all accounts
  • For corporate users, Kaspersky Security for Mail Server with its multi-layered defense mechanisms powered by machine learning algorithms provides robust protection against a wide range of evolving threats and offers peace of mind to businesses in the face of evolving cyber risks
  • For individual users, Kaspersky Premium offers AI-powered anti-phishing features designed to help avoid phishing attacks and improve overall cybersecurity

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure and governments around the globe. The company’s comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and nearly 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.