FBI warns Microsoft 365 users about new scam: Here’s everything to know

The Federal Bureau of Investigation (FBI) has issued an urgent warning about a rapidly spreading phishing scam that can hijack Microsoft 365 accounts.

Kali365 is a phishing-as-a-service platform that lets cybercriminals capture OAuth tokens, the digital keys that grant applications access to a user’s data.

With a captured token, hackers can get into Outlook, Teams, and OneDrive as if they were the authentic user.

How the Kali365 scam works

Victims receive a phishing email disguised as a message from a trusted cloud service. The email contains a device code and instructs the user to visit a genuine Microsoft verification page and enter it.

Once the code is entered, the user unknowingly authorizes the attacker’s device to access their account.
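The sign-in described above leaves a trace in the tenant's own logs: an Entra ID sign-in record whose authentication protocol is device code. The check below is an added example written for this article, not code from the FBI or from any vendor. It runs over a constructed JSON Lines sample that mimics the Microsoft Graph sign-in record fields (`userPrincipalName`, `authenticationProtocol`, `appDisplayName`, `ipAddress`, `status.errorCode`); the users, apps and addresses are made up, and the `expected_apps` allow-list is a hypothetical tuning knob for tools that legitimately use device code on headless hosts.

```python
import json
from collections import defaultdict

# Constructed sample of Entra ID sign-in records in JSON Lines form, trimmed to
# the fields the check uses. Field names follow the Microsoft Graph signIn
# resource (authenticationProtocol is "deviceCode" for device code flow);
# the users, apps and IP addresses are made up for this example.
SAMPLE_SIGNIN_LOG = """\
{"userPrincipalName": "alice@example.test", "authenticationProtocol": "oAuth2", "appDisplayName": "Outlook", "ipAddress": "198.51.100.10", "status": {"errorCode": 0}}
{"userPrincipalName": "bob@example.test", "authenticationProtocol": "deviceCode", "appDisplayName": "Microsoft Office", "ipAddress": "203.0.113.77", "status": {"errorCode": 0}}
{"userPrincipalName": "bob@example.test", "authenticationProtocol": "deviceCode", "appDisplayName": "Microsoft Teams", "ipAddress": "203.0.113.77", "status": {"errorCode": 0}}
{"userPrincipalName": "carol@example.test", "authenticationProtocol": "deviceCode", "appDisplayName": "Azure CLI", "ipAddress": "192.0.2.5", "status": {"errorCode": 0}}
"""


def device_code_signins(log_text, expected_apps=frozenset()):
    """Return successful device-code sign-ins that are not explained by an
    app on the expected_apps allow-list (hypothetical tuning knob, e.g. a
    CLI tool that legitimately uses device code on headless hosts)."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("authenticationProtocol") != "deviceCode":
            continue
        # errorCode 0 means the sign-in succeeded; failed attempts are skipped here
        if (rec.get("status") or {}).get("errorCode", 0) != 0:
            continue
        if rec.get("appDisplayName") in expected_apps:
            continue
        findings.append({
            "user": rec.get("userPrincipalName"),
            "app": rec.get("appDisplayName"),
            "ip": rec.get("ipAddress"),
        })
    return findings


def summarize_by_user(findings):
    """Group findings per user so an analyst sees how many device-code
    sign-ins each account had, and from which apps and addresses."""
    summary = defaultdict(lambda: {"count": 0, "apps": set(), "ips": set()})
    for f in findings:
        entry = summary[f["user"]]
        entry["count"] += 1
        entry["apps"].add(f["app"])
        entry["ips"].add(f["ip"])
    return dict(summary)


if __name__ == "__main__":
    hits = device_code_signins(SAMPLE_SIGNIN_LOG, expected_apps={"Azure CLI"})
    for user, info in summarize_by_user(hits).items():
        print(f"{user}: {info['count']} device-code sign-in(s) via "
              f"{sorted(info['apps'])} from {sorted(info['ips'])}")
```

On the constructed sample, the run flags bob's two device-code sign-ins from a single address and suppresses carol's Azure CLI use; in a real tenant the same logic would be pointed at an export of the sign-in logs, and a user who never uses device code showing up here is exactly the case worth a call to that user.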

Kali365 is sold by subscription, with plans starting at $250 per month. The service provides AI-powered phishing emails, automated templates for running campaigns, and dashboards for tracking victims in real time.

Since April, security researchers have reported thousands of Kali365 attacks on organizations across North America and Europe, in sectors including manufacturing, healthcare, finance and government.

The FBI suggests that organizations use “Conditional Access” policies in Microsoft Entra ID to block device code flow where appropriate.
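The Conditional Access policy the FBI refers to can be expressed as a Microsoft Graph policy object and, just as usefully, audited for. The block below is an added example written for this article, not FBI guidance or Microsoft's own code. It builds the policy body that targets the device code authentication flow with a block grant, and checks an exported policy list for whether such a block is enforced, staged in report-only mode, or absent. Property names follow the Graph `conditionalAccessPolicy` resource; the display names, the sample tenant policies and the `<break-glass-account-object-id>` placeholder are constructed, and the exclusion of an emergency-access account is one way to honor the "where appropriate" scoping.

```python
# Microsoft Graph representation of a Conditional Access policy that blocks the
# device code authentication flow, plus a check that audits an exported policy
# list for that coverage. Property names follow the Graph conditionalAccessPolicy
# resource; display names and the break-glass placeholder are made up.

BREAK_GLASS_PLACEHOLDER = "<break-glass-account-object-id>"  # replace with your emergency-access account id


def build_block_device_code_policy(display_name="Block device code flow", state="enabled",
                                   exclude_users=(BREAK_GLASS_PLACEHOLDER,)):
    """Return the JSON body for POST /identity/conditionalAccess/policies.
    state may also be "enabledForReportingButNotEnforced" to stage the policy first."""
    return {
        "displayName": display_name,
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": list(exclude_users)},
            "applications": {"includeApplications": ["All"]},
            # transferMethods is a comma-separated flag string in Graph
            "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


def blocks_device_code_flow(policy):
    """True if the policy targets device code flow and its grant control is block."""
    conditions = policy.get("conditions") or {}
    flows = conditions.get("authenticationFlows") or {}
    methods = {m.strip() for m in (flows.get("transferMethods") or "").split(",") if m.strip()}
    if "deviceCodeFlow" not in methods:
        return False
    grant = policy.get("grantControls") or {}
    return "block" in (grant.get("builtInControls") or [])


def device_code_coverage(policies):
    """Summarize how a tenant's policy list handles device code flow.
    Returns ("enforced" | "report-only" | "none", [matching policy names])."""
    enforced = [p["displayName"] for p in policies
                if blocks_device_code_flow(p) and p.get("state") == "enabled"]
    if enforced:
        return "enforced", enforced
    report_only = [p["displayName"] for p in policies
                   if blocks_device_code_flow(p)
                   and p.get("state") == "enabledForReportingButNotEnforced"]
    if report_only:
        return "report-only", report_only
    return "none", []


# Constructed sample of what GET /identity/conditionalAccess/policies might return,
# reduced to the relevant fields: one unrelated MFA policy and one device-code
# block that was only staged in report-only mode and never enforced.
SAMPLE_TENANT_POLICIES = [
    {"displayName": "Require MFA for all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Block device code flow (pilot)", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]},
                    "authenticationFlows": {"transferMethods": "deviceCodeFlow,authenticationTransfer"}},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
]

if __name__ == "__main__":
    import json
    print(device_code_coverage(SAMPLE_TENANT_POLICIES))
    print(json.dumps(build_block_device_code_policy(), indent=2))
```

The audit distinguishes a policy that exists from one that is actually enforced: the constructed tenant reports "report-only" because its only device-code block was left in reporting mode, which is the state a pilot commonly gets stuck in. Adding the built policy to the list flips the result to "enforced".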

Experts also suggest introducing phishing-resistant MFA, including hardware security keys.

Officials urge individual users never to click links or enter codes from unsolicited emails.