SECURITYFOX NEWS
FBI warns Microsoft users about passwordless scam
The FBI warns about a phishing-as-a-service platform called Kali365 targeting Microsoft 365 accounts. The scam bypasses multifactor authentication by exploiting Microsoft's device code login process to steal OAuth tokens, granting attackers access to Outlook, Teams, and OneDrive without requiring passwords.
Mentioned
Related Signal
Adjacent reporting
- FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
- FBI warns of major phishing scam, with hackers ‘hijacking' Microsoft Outlook, 365 users
- FBI warns about fast-growing phishing kit targeting Microsoft 365 users
- FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks
- Cyber attackers are hijacking Microsoft Outlook, Teams and 365 log-ins, FBI says