{"id":35978,"date":"2026-02-19T19:40:54","date_gmt":"2026-02-19T08:40:54","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/google-tasks-phishing\/35978\/"},"modified":"2026-02-19T19:41:03","modified_gmt":"2026-02-19T08:41:03","slug":"google-tasks-phishing","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/google-tasks-phishing\/35978\/","title":{"rendered":"Phishing via Google Tasks"},"content":{"rendered":"<p>We\u2019ve written time and again about phishing schemes where attackers exploit various legitimate servers to deliver emails. If they manage to hijack someone\u2019s SharePoint server, they\u2019ll <a href=\"https:\/\/www.kaspersky.com\/blog\/sharepoint-notification-scam\/47593\/\" target=\"_blank\" rel=\"noopener nofollow\">use that<\/a>; if not, they\u2019ll settle for sending notifications through a free service <a href=\"https:\/\/www.kaspersky.com\/blog\/getshared-scam-emails\/53288\/\" target=\"_blank\" rel=\"noopener nofollow\">like GetShared<\/a>. However, Google\u2019s vast ecosystem of services holds a special place in the hearts of scammers, and this time Google Tasks is the star of the show. As per usual, the main goal of this trick is to bypass email filters by piggybacking the rock-solid reputation of the middleman being exploited.<\/p>\n<h2>What phishing via Google Tasks looks like<\/h2>\n<p>The recipient gets a legitimate notification from an <em>@google.com<\/em> address with the message: \u201cYou have a new task\u201d. Essentially, the attackers are trying to give the victim the impression that the company has started using Google\u2019s task tracker, and as a result they need to immediately follow a link to fill out an employee verification form.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2026\/02\/19194101\/google-tasks-phishing-notification.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2026\/02\/19194101\/google-tasks-phishing-notification.png\" width=\"716\" height=\"501\" alt=\"Google Tasks notification\" class=\"wp-image-55327 aligncenter size-full\"><\/a><\/p>\n<p>To deprive the recipient of any time to actually think about whether this is necessary, the task usually includes a tight deadline and is marked with high priority. Upon clicking the link within the task, the victim is presented with an URL leading to a form where they must enter their corporate credentials to \u201cconfirm their employee status\u201d. These credentials, of course, are the ultimate goal of the phishing attack.<\/p>\n<h2>How to protect employee credentials from phishing<\/h2>\n<p>Of course, employees should be warned about the existence of this scheme \u2014 for instance, by sharing a link to our <a href=\"https:\/\/www.kaspersky.com\/blog\/tag\/signs-of-phishing\/\" target=\"_blank\" rel=\"noopener nofollow\">collection of posts on the red flags of phishing<\/a>. But in reality, the issue isn\u2019t with any one specific service \u2014 it\u2019s about the overall cybersecurity culture within a company. Workflow processes need to be clearly defined so that every employee understands which tools the company actually uses and which it doesn\u2019t. It might make sense to maintain a public corporate document listing authorized services and the people or departments responsible for them. This gives employees a way to verify if that invitation, task, or notification is the real deal. Additionally, it never hurts to remind everyone that corporate credentials should only be entered on internal corporate resources. To automate the training process and keep your team up to speed on modern cyberthreats, you can use a dedicated tool like the <a href=\"https:\/\/k-asap.com\/en\/?icid=au_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kasap___\" target=\"_blank\" rel=\"noopener\">Kaspersky Automated Security Awareness Platform<\/a>.<\/p>\n<p>Beyond that, as usual, we recommend minimizing the number of potentially dangerous emails hitting employee inboxes by using a <a href=\"https:\/\/www.kaspersky.com.au\/small-to-medium-business-security\/mail-security-appliance?icid=au_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">specialized mail gateway security solution<\/a>. It\u2019s also vital to equip all web-connected workstations with <a href=\"https:\/\/www.kaspersky.com.au\/next?icid=au_kdailyplacehold_acq_ona_smm__onl_b2b_kdaily_wpplaceholder_sm-team___knext____d4bb560012e498a0\" target=\"_blank\" rel=\"noopener\">security software<\/a>. Even if an attacker manages to trick an employee, the security product will block the attempt to visit the phishing site \u2014 preventing corporate credentials from leaking in the first place.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kaspersky-next\">\n","protected":false},"excerpt":{"rendered":"<p>Attackers are delivering phishing links via Google Tasks notifications.<\/p>\n","protected":false},"author":2598,"featured_media":35981,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,2993,2994],"tags":[19,22,76,3613],"class_list":{"0":"post-35978","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"tag-email","11":"tag-google","12":"tag-phishing","13":"tag-signs-of-phishing"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/google-tasks-phishing\/35978\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/google-tasks-phishing\/30222\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/google-tasks-phishing\/25299\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/google-tasks-phishing\/30094\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/google-tasks-phishing\/31882\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/google-tasks-phishing\/30498\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/google-tasks-phishing\/41364\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/google-tasks-phishing\/14312\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/google-tasks-phishing\/55326\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/google-tasks-phishing\/23664\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/google-tasks-phishing\/24774\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/google-tasks-phishing\/33236\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/google-tasks-phishing\/30329\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/google-tasks-phishing\/35634\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/signs-of-phishing\/","name":"signs of phishing"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/35978","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/2598"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=35978"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/35978\/revisions"}],"predecessor-version":[{"id":35980,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/35978\/revisions\/35980"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/35981"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=35978"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=35978"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=35978"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}