Watch out - that Google Tasks email could be a scam, and land you in hot water at work

• Hackers are abusing Google Tasks to deliver phishing emails
• Fake tasks trigger legitimate Google notifications, bypassing spam filters
• Victims see trusted Google domain, but links lead to credential-stealing pages disguised as login screens

Hackers are exploiting Google’s to-do service to launch phishing attacks and bypass spam email filters.

Google Tasks is a simple task management app that comes as part of its Workspace suite, helping users organize and track to-do lists, and integrate them with Gmail, Google Calendar, and other Google services.

But a new Kaspersky report has warned, cybercriminals have started creating fake tasks and assigning them to people by adding their email addresses. When that happens, Google automatically sends out a notification to the email added in the task, bypassing all email protections and landing directly in the victim’s inbox.