FBI warns of Kali365 phishing scam targeting Microsoft 365 users - UPI.com

The Federal Bureau of Investigations issued a public service announcement Monday to warn of a phishing scam that targets Microsoft 365 users. File Photo by Sascha Steinbach/EPA

June 15 (UPI) -- The Federal Bureau of Investigations issued a public service announcement Monday to warn of a phishing scam that targets Microsoft 365 users.

The cybersecurity threat stems from the platform Kali365 which the FBI describes as a Phishing-as-a-Service platform. Kali365 has been mainly distributed on Telegram and enables hackers to bypass multi-factor authentication without the need for a user's log-in credentials.

Cyberattackers send phishing emails purporting to be a reputable cloud or document-sharing service. The emails contain codes and instructions for visiting a real Microsoft verification page where the code is then entered. When the victim inputs the device code, they are unwittingly authorizing the cyberattacker's device to access their account.

Once a cyberattacker has successfully pulled off the phishing scam, they have access to the victim's Microsoft services including Outlook email, Teams and OneDrive cloud service.