FBI Warns of New Phishing Tool Targeting Microsoft 365 Accounts
The FBI says Kali365 uses device-code phishing and OAuth token theft to let attackers access Outlook, OneDrive and Teams without extra MFA prompts.
- The FBI released an advisory on Thursday warning about Kali365, a phishing-as-a-service platform that lets hackers bypass multifactor authentication and gain persistent access to Microsoft 365 environments without user credentials.
- Artificial intelligence has transformed phishing attacks, enabling cybercriminals to generate polished emails in multiple languages within seconds that mimic legitimate workplace notifications, lowering users' defenses against increasingly convincing scams.
- Starting in February, campaigns using Kali365 targeted more than 340 organizations across the U.S., Canada, Australia, New Zealand and Germany. The platform gives less-technical attackers access to automated phishing templates, victim tracking dashboards and OAuth token capture capabilities.
- To mitigate Kali365 threats, the FBI recommends that organizations restrict device code flow and exclude emergency access accounts. A successful compromise grants attackers persistent access to Teams, Outlook and OneDrive without repeated password verification.
- As AI enables more convincing phishing campaigns, security experts warn that multifactor authentication alone cannot prevent account compromise if users accidentally authorize malicious access. That is particularly concerning given that Microsoft 365 accounts contain years of sensitive data.
22 Articles
Cyber attackers hijacking Microsoft Outlook, Teams and 365 log-ins, FBI says
A new phishing tool is allowing cyber attackers to get access to Microsoft 365 users' accounts without even needing to know your password, the FBI said in a warning issued to the public on Thursday.
Cyber attackers are hijacking Microsoft Outlook, Teams and 365 log-ins, FBI says
A new phishing tool is allowing cyber attackers to get access to Microsoft 365 users' accounts without even needing to know your password, the FBI said in a warning issued to the public on Thursday.
FBI warns of phishing scam targeting Microsoft 365 accounts
The FBI is warning the public about a new phishing scam called Kali365 that lets hackers break into Microsoft 365 accounts and bypass multi-factor authentication, giving them ongoing access to email, files and other services. By subscribing to the Kali365 platform, hackers can steal login tokens that give them ongoing access to a victim’s Microsoft 365 account.
FBI warns of new phishing tool targeting Microsoft 365 accounts
The FBI warned that a phishing tool can bypass Microsoft 365 passwords, giving attackers access to Teams, Outlook and more. Here's how to protect your account. (AP)
FBI warns of new AI phishing scam
A lot of people still feel relatively safe once they activate two-factor authentication on their accounts. The logic seems simple. Even if somebody steals the password, they still need the verification code too. But cybersecurity experts are now warning that things no longer work that neatly. The FBI has issued a warning about a growing phishing scam targeting Microsoft 365 users that can give…
Coverage Details
Bias Distribution
- 80% of the sources are Center












