The FBI has issued an urgent warning regarding a sophisticated new phishing platform called “Kali365” that is successfully targeting Microsoft 365 users.
Unlike typical scams that aim to steal your password, this tool bypasses multi-factor authentication entirely by hijacking the OAuth digital token that Microsoft issues after a successful login.
The process is deceptively simple: attackers send emails impersonating trusted cloud services that instruct victims to enter a device code on a legitimate Microsoft verification page.
By entering this code, users unknowingly authorize the attacker’s device to access their account. Once the token is captured, hackers gain persistent full access to Outlook, Teams and OneDrive without needing a password or further security challenges.
Highlighting the ease of use for cybercriminals, the FBI noted, “Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual-entity tracking dashboards and OAuth token capture capabilities.”
To stay safe, the FBI advises organizations to restrict or block “device code flow” through conditional access policies.
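As an added illustration (not part of the FBI warning), the script below audits sign-in records for the device code flow and builds the Conditional Access policy body that blocks it. The field names (`authenticationProtocol`, `authenticationFlows.transferMethods`) follow the Microsoft Graph signIn and conditionalAccessPolicy schemas as I understand them and should be verified against current Graph documentation; the sign-in records are constructed samples.

```python
"""Audit device code sign-ins and build the Conditional Access policy that blocks them."""
import json

# Constructed sample Entra sign-in records (not real data). A phished device code
# produces a sign-in with authenticationProtocol == "deviceCode" for the victim,
# often from an IP the user never logs in from.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@example.com", "appDisplayName": "Microsoft Office",
     "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.7",
     "conditionalAccessStatus": "notApplied"},
    {"userPrincipalName": "bob@example.com", "appDisplayName": "Microsoft Teams",
     "authenticationProtocol": "oAuth2", "ipAddress": "198.51.100.4",
     "conditionalAccessStatus": "success"},
    {"userPrincipalName": "carol@example.com", "appDisplayName": "Microsoft Azure CLI",
     "authenticationProtocol": "deviceCode", "ipAddress": "192.0.2.9",
     "conditionalAccessStatus": "notApplied"},
]


def find_device_code_signins(records):
    """Return sign-ins that used the device code flow and were not blocked by
    Conditional Access. Review these before enforcing the block policy so that
    legitimate headless uses (CLI tools, kiosks) can be excluded explicitly."""
    return [r for r in records
            if r.get("authenticationProtocol") == "deviceCode"
            and r.get("conditionalAccessStatus") != "failure"]


def device_code_policy(state="enabledForReportingButNotEnforced", exclude_users=()):
    """Build the Conditional Access policy body (assumed Graph schema) that blocks
    the device code flow for all users and apps. Start in report-only mode and
    switch state to "enabled" once the audit above shows no needed exceptions."""
    return {
        "displayName": "Block device code flow",
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": list(exclude_users)},
            "applications": {"includeApplications": ["All"]},
            "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


if __name__ == "__main__":
    for hit in find_device_code_signins(SAMPLE_SIGNINS):
        print(f"device code sign-in: {hit['userPrincipalName']} via "
              f"{hit['appDisplayName']} from {hit['ipAddress']}")
    # Policy body to POST to /identity/conditionalAccess/policies (assumed endpoint).
    print(json.dumps(device_code_policy(), indent=2))
```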
If you suspect your account has been compromised, you should report the incident immediately to the Internet Crime Complaint Center at ic3.gov, including details like suspicious logins, phishing emails and any unauthorized active sessions.