Kaspersky Warns of New Phishing Attack Abusing Google Tasks to Steal Corporate Logins - TechAfrica News

Today's Bulletin: March 18, 2026 #SECURITY Kaspersky Warns of New Phishing Attack Abusing Google Tasks to Steal Corporate Logins February 26, 2026 2 min read Author: Joyce Onyeagoro F E By leveraging Google’s trusted @google.com email domain and notification system, attackers are able to evade many traditional email security filters and take advantage of users’ familiarity with well-known platforms. Kaspersky has uncovered a new phishing campaign that abuses legitimate Google Tasks notifications to steal corporate login credentials, underscoring a growing trend where cybercriminals exploit trusted cloud services to bypass security controls. By leveraging Google’s trusted @google.com email domain and notification system, attackers are able to evade many traditional email security filters and take advantage of users’ familiarity with well-known platforms. In this campaign, victims receive an authentic-looking Google Tasks notification with the subject line “You have a new task.” The message is crafted to appear as if the recipient’s organization has adopted Google Tasks for internal workflows. To increase the likelihood of interaction, attackers introduce urgency through high-priority markers and short deadlines, pressuring recipients to act quickly without scrutiny. When users click the embedded link in the notification, they are redirected to a fraudulent webpage disguised as an “employee verification” form. On this page, victims are asked to enter their corporate login details under the pretense of confirming their employment status. Once captured, these credentials can be exploited for unauthorized access to corporate systems, data theft, or as a gateway for further cyberattacks. According to Roman Dedenok, Anti-Spam Expert at Kaspersky, this technique is part of a broader and persistent trend continuing into 2026, where cybercriminals misuse legitimate platforms to distribute phishing scams. Notifications originating from trusted domains are more likely to bypass spam and phishing defenses, while social engineering tactics that mimic internal company processes significantly lower users’ guard. To mitigate the risk of such attacks, Kaspersky advises users to treat unsolicited notifications with caution, even if they come from trusted services, carefully inspect URLs before clicking, and avoid calling phone numbers listed in suspicious messages. Users should instead verify contact details through official service websites and enable multi-factor authentication on all accounts. For organizations, Kaspersky recommends deploying Kaspersky Security for Mail Server, which provides multi-layered protection powered by machine learning to counter evolving email-based threats. Individual users are encouraged to use Kaspersky Premium, which includes AI-powered anti-phishing features designed to help prevent credential theft and strengthen overall cybersecurity posture. The TechAfrica News Podcast Follow us on LinkedIn Go to Our Page NEWSLETTER SIGNUP Sign up for our weekly newsletter and get the latest industry insights right in your inbox! Sign Up EDITOR'S CHOICE #PODCAST EP.05 | S2 | Could Satellites Free Africa from Network Limits? ST Engineering iDirect on… Omar Diab, Regional Vice President of Sales for the Middle East and Africa at ST Engineering iDirect March 18, 2026 3 min read #MWC KIGALI Rwanda’s Digital Blueprint: Minister Paula Ingabire on Driving Inclusive, Homegrown Technology Solutions Across Africa Honorable Minister Paula Ingabire November 25, 2025 3 min read IN CASE YOU MISSED IT #TECHTALKTHURSDAY How Satellites Are Accelerating Health Tech in Africa’s Rural Landscape March 12, 2026 5 min read #TECHTALKTHURSDAY 2025 vs 2026 Mobile Industry Checkpoint: Has Anything Actually Changed for Africa? March 5, 2026 6 min read