FBI Warns Microsoft 365 Users About New Scam: Here’s Everything You Need to Know

The Federal Bureau of Investigation (FBI) has issued an urgent warning about a rapidly spreading phishing scam that can hijack Microsoft 365 accounts.

The scam, called Kali365, is a phishing-as-a-service platform that lets cybercriminals capture OAuth tokens, the digital keys that applications use to access user data.

Once a token is captured, hackers can get into Outlook, Teams, and OneDrive as if they were the genuine user.

How the Kali365 Scam Works

Victims receive a phishing email disguised as coming from a trusted cloud service. The email contains a device code and asks the user to enter it on a genuine Microsoft verification page.

Once the code is entered and verified, the victim has unknowingly authorized the attacker’s device to access their account.

The Kali365 service offers subscription plans starting at $250 per month. It provides AI-generated phishing emails, automated templates for running campaigns, and dashboards for tracking victims in real time.

Since April, security researchers have reported thousands of Kali365 attacks targeting organizations in North America and Europe, in industries including manufacturing, healthcare, finance and government.

The FBI suggests that organizations use Conditional Access policies in Microsoft Entra ID to block the device code authentication flow where it is not needed.
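Blocking the flow prevents new abuse; reviewing sign-ins that already used it is the other half. As an added example (not part of the FBI advisory or this article), the following Python triages Microsoft Entra sign-in records for the device code flow the scam relies on. It assumes records exported from the Microsoft Graph sign-in log, whose `authenticationProtocol` field reports `deviceCode` for that flow; the sample records and the allowlist are constructed.

```python
import json

# Constructed sample sign-in records in the shape of Microsoft Graph `signIn` objects.
# Field names are real Graph sign-in log fields; every value here is made up.
SAMPLE_SIGNINS = json.dumps([
    {"id": "s1", "userPrincipalName": "alice@example.com",
     "appDisplayName": "Microsoft Office", "authenticationProtocol": "oAuth2",
     "ipAddress": "198.51.100.10", "status": {"errorCode": 0}},
    {"id": "s2", "userPrincipalName": "bob@example.com",
     "appDisplayName": "Microsoft Office",
     "authenticationProtocol": "deviceCode",
     "ipAddress": "203.0.113.7", "status": {"errorCode": 0}},
    {"id": "s3", "userPrincipalName": "build-svc@example.com",
     "appDisplayName": "Azure CLI", "authenticationProtocol": "deviceCode",
     "ipAddress": "198.51.100.22", "status": {"errorCode": 0}},
    {"id": "s4", "userPrincipalName": "carol@example.com",
     "appDisplayName": "Azure CLI", "authenticationProtocol": "deviceCode",
     "ipAddress": "203.0.113.9", "status": {"errorCode": 50126}},
])

# Hypothetical allowlist of (user, app) pairs where device code sign-ins are
# legitimate, e.g. a build service account using Azure CLI on a headless host.
EXPECTED_DEVICE_CODE_USE = {("build-svc@example.com", "Azure CLI")}


def triage_device_code_signins(signin_json, expected=EXPECTED_DEVICE_CODE_USE):
    """Return one finding per sign-in that used the device code flow.

    severity 'high': successful and not on the allowlist (investigate now)
    severity 'info': successful but an expected (user, app) pair
    severity 'low' : the flow was attempted but the sign-in failed
    """
    findings = []
    for rec in json.loads(signin_json):
        if rec.get("authenticationProtocol") != "deviceCode":
            continue
        user = rec.get("userPrincipalName", "")
        app = rec.get("appDisplayName", "")
        succeeded = rec.get("status", {}).get("errorCode", 0) == 0
        if not succeeded:
            severity = "low"
        elif (user, app) in expected:
            severity = "info"
        else:
            severity = "high"
        findings.append({"id": rec.get("id"), "user": user, "app": app,
                         "ip": rec.get("ipAddress"), "severity": severity})
    return findings
```

Running `triage_device_code_signins(SAMPLE_SIGNINS)` on the constructed records yields three findings: one high (bob), one info (the build account), one low (carol's failed attempt).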

Experts also recommend introducing phishing-resistant MFA, such as hardware security keys.

Officials ask individual users never to click on links or enter codes from unsolicited emails.
