JAKARTA - Kaspersky has discovered a new phishing scheme that abuses legitimate Google Tasks notifications to trick corporate users into revealing corporate login credentials.
By leveraging the @google.com email domain and Google's trusted notification system, attackers bypass traditional email security filters and exploit users' trust in familiar services.
During this campaign, victims receive a seemingly legitimate Google Tasks notification whose subject often includes elements of urgency, such as a high priority flag and a strict deadline, to encourage an immediate response from the victim.
After clicking the link, users are directed to a fake form disguised as an "employee verification" page that asks them to enter company credentials under the guise of confirming their status.
The stolen credentials can then be used for unauthorized access to company systems, data theft, or further attacks.
To counter this and similar threats, Kaspersky recommends:
Be wary of unsolicited invitations from any platform, even if they seem to come from a trusted source.
Check the URL carefully before clicking.
Do not call the phone number listed in suspicious emails.
Report suspicious emails to platform providers and use multi-factor authentication for all accounts.
For corporate users, use layered security solutions to provide protection from a variety of evolving threats.
For individual users, use AI-based anti-phishing solutions to avoid phishing attacks and improve overall cybersecurity.