Kaspersky, a cybersecurity firm, has raised concerns over a new and increasingly sophisticated phishing technique that leverages trusted digital platforms to deceive users and steal sensitive information which highlights a growing shift in cybercriminal tactics in 2026.
According to Kaspersky researchers, attackers are now abusing legitimate services such as task management and notification systems to deliver phishing messages that appear authentic and urgent.
In an observed campaign, victims receive what looks like a genuine notification prompting them to complete a task. The message often mimics internal corporate communication, increasing the likelihood that users will trust and act on it.
Once a user clicks the embedded link, they are redirected to a fraudulent webpage disguised as a legitimate form, such as an employee verification portal.
There, victims are tricked into entering corporate login credentials, which are then harvested by attackers for unauthorized access, data theft, or further cyberattacks.
Kaspersky noted that this method reflects a broader trend in phishing campaigns which is the misuse of trusted platforms to bypass traditional security filters. Because these messages originate from legitimate domains, they are less likely to be flagged as suspicious, making them particularly dangerous.
The development comes amid a wider surge in phishing attacks globally, with experts warning that such threats are becoming more sophisticated and persistent.
Increasingly, cybercriminals rely on social engineering which manipulate human behaviour rather than exploiting technical vulnerabilities to gain access to sensitive systems.
Kaspersky advises users to remain cautious when receiving unsolicited notifications, even from familiar services. Users are urged to verify links before clicking, avoid sharing sensitive information on untrusted pages, and enable multi-factor authentication to enhance account security.
For organisations, the company recommends deploying advanced email security solutions and conducting regular cybersecurity awareness training to help employees and respond to evolving phishing threats.
As digital adoption accelerates across Africa and beyond, vigilance and user awareness will remain critical in combating the next generation of phishing attacks.
