The FBI just issued an urgent warning for anyone using Microsoft Teams, Outlook, or OneDrive over a new phishing scheme

The Federal Bureau of Investigation issued an urgent warning this week regarding a sophisticated phishing scheme targeting users of Microsoft 365 products, including Outlook, Teams, and OneDrive. This scam exploits a hacking platform known as Kali365, which allows cybercriminals to capture Microsoft authentication tokens and bypass multifactor authentication without needing a user's password. Kali365, first observed in April 2026, targets OAuth device codes, which are digital keys enabling applications to access data. By obtaining these codes, attackers gain access to Microsoft 365 accounts and sensitive information. The subscription-based service is promoted via Telegram and is available to scammers for as little as $250 per month or $2,000 annually, according to Bitdefender. The FBI highlighted that Kali365 lowers the entry barrier for less technical attackers by providing AI-generated phishing lures, automated campaign templates, and real-time tracking dashboards. Security researchers reported hundreds of Kali365 attacks in April alone. The attack begins with a phishing email impersonating a trusted cloud service, containing a device code and directing the recipient to a legitimate Microsoft verification page. Upon entering the code, the user unknowingly grants the attacker full account access by allowing them to capture the OAuth access token.