Cyber Press reported:
Over 3,000 organizations fell victim to a sophisticated phishing campaign in December 2025 that weaponized Google’s legitimate application infrastructure to evade enterprise email security systems.
The threat actors impersonated legitimate Google Tasks notifications, crafting messages that appeared as internal task assignments requiring employee verification.
Recipients encountered prompts such as “View task” or “Mark complete” that redirected them to malicious pages hosted on Google Cloud Storage.
Click to read the original article and see a visual of the emails here.
The threat actors impersonated legitimate Google Tasks notifications, crafting messages that appeared as internal task assignments requiring employee verification.
Recipients encountered prompts such as “View task” or “Mark complete” that redirected them to malicious pages hosted on Google Cloud Storage.
Click to read the original article and see a visual of the emails here.
Key Takeaway: Never click on links within emails for trusted platforms. Use your bookmarked link instead.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat