FBI alerts Microsoft 365 users to Kali365 scam
The FBI issued an urgent alert about a new phishing platform that uses stolen OAuth device codes to bypass multi-factor authentication on Teams, Outlook and OneDrive accounts.
The FBI released an urgent security warning about a fast-acting scam targeting Microsoft 365 users on Teams, Outlook and OneDrive. The agency said the hacking platform Kali365 seeks out OAuth device codes, allowing scammers to bypass multi-factor authentication without needing a password.
Scammers send phishing emails impersonating a trusted document-sharing service that include a device code and instructions on how to verify, the FBI stated.
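Because a victim who enters the attacker's device code completes a genuine, MFA-satisfied sign-in, the tell in the sign-in logs is the authentication protocol rather than a failed login. The following detection check is an added example, not code from the FBI alert or from Microsoft; it assumes sign-in records shaped like the Microsoft Graph signIn schema (the authenticationProtocol, ipAddress and status.errorCode fields) and an example corporate egress range, with all log entries constructed inline.

```python
"""Flag successful Microsoft Entra sign-ins that used the OAuth 2.0 device code flow.

Device code phishing produces a legitimate sign-in; the only reliable marker
is authenticationProtocol == "deviceCode". Records below are constructed
sample data mirroring the Graph signIn schema, not real log entries.
"""
from dataclasses import dataclass
import ipaddress

# Constructed sample: a normal browser sign-in, a device-code sign-in from an
# address outside the assumed corporate range, and a failed device-code attempt.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@example.com", "authenticationProtocol": "oAuth2",
     "ipAddress": "203.0.113.10", "resourceDisplayName": "Microsoft Teams",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "authenticationProtocol": "deviceCode",
     "ipAddress": "198.51.100.7", "resourceDisplayName": "Office 365 Exchange Online",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "carol@example.com", "authenticationProtocol": "deviceCode",
     "ipAddress": "203.0.113.22", "resourceDisplayName": "OneDrive",
     "status": {"errorCode": 50126}},
]

# Assumption: the organisation's known egress range; anything else is "external".
CORPORATE_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

@dataclass
class Finding:
    user: str
    ip: str
    resource: str
    external: bool

def is_external(ip: str) -> bool:
    """True when the source address is outside every known corporate range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in CORPORATE_RANGES)

def flag_device_code_signins(signins) -> list:
    """Return successful device-code-flow sign-ins, noting external source IPs."""
    findings = []
    for s in signins:
        if s.get("authenticationProtocol") != "deviceCode":
            continue
        if s.get("status", {}).get("errorCode", 0) != 0:
            continue  # failed attempt: no token was issued, so not a compromise
        findings.append(Finding(s["userPrincipalName"], s["ipAddress"],
                                s.get("resourceDisplayName", ""),
                                is_external(s["ipAddress"])))
    return findings

if __name__ == "__main__":
    for f in flag_device_code_signins(SAMPLE_SIGNINS):
        where = "external" if f.external else "internal"
        print(f"{f.user} via device code from {f.ip} ({where}) -> {f.resource}")
```

Any hit here is a candidate for the session and device review the FBI recommends; tenants that never use device-code sign-in can also block the flow outright with a Conditional Access authentication-flows policy.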
"Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities," the FBI said.
The platform is sold to scammers with a $250-a-month subscription. The FBI first detected Kali365 in April and described it as an "emerging Phishing-as-a-Service platform" (PhaaS).
Hackers with limited skills can access advanced phishing tools through PhaaS platforms, according to NordPass. The FBI advised users to report phishing emails, suspicious logins and any unauthorized devices or active sessions added to the account to the Internet Crime Complaint Center. The FBI also urged users not to open links with access codes that they did not request.
The Hill has reached out to Microsoft for comment.