What Is The Kali365 Phishing Scam Targeting Microsoft 365 Users?

Heads up! Users of the popular Microsoft 365 products Outlook, Teams and OneDrive are being targeted by scammers according to an alert from the Federal Bureau of Investigation (FBI).

The alert from .the FBI’s Internet Crime Complaint Center is warning about Kali365, a new scam that allows cybercriminals to capture Microsoft tokens to bypass multi-factor authentication without stealing a user’s passwords.

Get our free mobile app

By-passing the multi-factor authentication allows cyber criminals to gain access to information for a host of malicious activity, including data theft, fraud, extortion and ransomware attacks according to the agency.

According to the agency's Public Service Announcement, "Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities."

The FBI offers tips on protection:

Restricting device code flow to limit or block device authentication codes can help prevent or limit this style of attack.

Create a conditional access policy to block device code flow for all users, with limited exceptions for required business processes.
Audit existing device code flow usage to identify legitimate dependencies before creating a conditional access policy.
Block authentication transfer policies to prevent users from transferring authentication from computers to mobile devices.
If you cannot completely restrict device code flow usage, exclude emergency access accounts to prevent lockouts.

If you or someone you know has been impacted by the Kali365 Phishing kit, file a complaint with the Internet Crime Complaint Center (IC3) at www.ic3.gov. Be sure to include any available information, such as: