
FBI warns Microsoft 365 users of new scam: Here’s everything to know


The Federal Bureau of Investigation (FBI) has issued an urgent warning about a rapidly spreading phishing scam that can hijack Microsoft 365 accounts.

The scam, referred to as Kali365, is a phishing-as-a-service platform that enables cybercriminals to capture OAuth tokens, the digital keys that grant applications access to user data.

With a valid token in hand, the attackers can access Outlook, Teams, and OneDrive as if they were the legitimate user.

How the Kali365 scam works

Victims receive a phishing email disguised as a message from a trusted cloud service. The email contains a device code and instructs the user to visit a genuine Microsoft verification page and enter it there.

Once the code has been entered and verification completes, the victim has unknowingly authorised the attacker’s device to access their account.

The Kali365 platform is sold on a subscription plan starting from $250 per month. Subscribers get AI-powered phishing emails, automated templates for running campaigns, and dashboards that track victims in real time.

Since April, security researchers have reported thousands of Kali365 attacks targeting organisations across North America and Europe, in sectors including manufacturing, healthcare, finance, and government.

The FBI suggests that organisations use “Conditional Access” policies in Microsoft Entra ID to block the device code flow where applicable.
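As an added example of how that recommendation is put into practice (this is not code from the article or from the FBI), the following Microsoft Graph PowerShell script first checks whether a tenant already has a Conditional Access policy that targets the device code flow, and if not creates one in report-only mode. It assumes the Microsoft.Graph module is installed, that the signed-in administrator holds the Policy.ReadWrite.ConditionalAccess permission, and that the policy schema uses the `authenticationFlows` / `transferMethods` condition; the break-glass group object ID is a placeholder to be replaced.

```powershell
# Added example, not from the article: pilot a Conditional Access policy in
# Microsoft Entra ID that targets the OAuth device code flow.
# Assumes: Microsoft.Graph PowerShell SDK installed; the signed-in admin has
# Policy.ReadWrite.ConditionalAccess; the 'authenticationFlows' condition with
# transferMethods = 'deviceCodeFlow' is the setting that matches device code sign-ins.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Policy.Read.All"

# Check first: is there already a policy covering the device code flow?
$existing = Get-MgIdentityConditionalAccessPolicy |
    Where-Object { $_.Conditions.AuthenticationFlows.TransferMethods -match "deviceCodeFlow" }

if ($existing) {
    $existing | ForEach-Object {
        Write-Host "Existing device-code policy: '$($_.DisplayName)' (state: $($_.State))"
    }
    return
}

# Start in report-only mode so legitimate device-code use (headless servers,
# some CLI tools, meeting-room devices) shows up in sign-in logs before the
# block is enforced. Always exclude a break-glass group to avoid admin lockout.
$policy = @{
    displayName = "Block device code flow (report-only pilot)"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers  = @("All")
            # Placeholder: object ID of the emergency-access (break-glass) group.
            excludeGroups = @("<break-glass-group-object-id>")
        }
        applications = @{
            includeApplications = @("All")
        }
        authenticationFlows = @{
            transferMethods = "deviceCodeFlow"
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Host "Created policy $($created.Id) in state '$($created.State)'"

# After reviewing the report-only results in the sign-in logs, enforce it:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id `
#     -BodyParameter @{ state = "enabled" }
```

The report-only stage matters: blocking the device code flow outright can break legitimate sign-ins from devices without a browser, so the sign-in log review tells you which users or applications need an exception before the policy state is switched to enabled.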

Experts also recommend phishing-resistant MFA, such as hardware security keys.

Officials urge individual users never to click links or enter codes from unsolicited emails.
