FBI warns Microsoft users about passwordless scam
The FBI is warning Microsoft users about a new phishing-as-a-service platform called Kali365 that can sneak past multifactor authentication and give crooks access to Outlook, Teams, and OneDrive. This scam can get into a user's account without stealing their password by abusing Microsoft's device code login process. The Kali365 platform provides attackers with AI-generated phishing messages, automated campaign templates, and tools that capture OAuth tokens, which can let an app stay connected to a Microsoft account without asking for a password every time.
- ▪Kali365 is a phishing-as-a-service platform that targets Microsoft 365 accounts, including Outlook, Teams, and OneDrive.
- ▪The platform was first seen in April 2026 and has mainly spread through Telegram.
- ▪Kali365 can beat multifactor authentication by abusing Microsoft's device code login process and capturing OAuth tokens.
Opening excerpt (first ~120 words) tap to expand
Microsoft FBI warns Microsoft users about passwordless scam A new Kali365 phishing kit can sneak past multifactor authentication and give crooks access to Outlook, Teams and OneDrive By Kurt Knutsson, CyberGuy Report Fox News Published June 28, 2026 9:53am EDT Facebook Twitter Threads Flipboard Comments Print Email Add Fox News on Google close Video Google general counsel explains AI-powered phishing rise Halimah Delaine Prado, Google General Counsel, reveals the rise of AI-powered phishing scams originating from China's 'outsider enterprise.' She explains how these criminals use artificial intelligence to create highly convincing fake websites, impersonating trusted brands like T-Mobile to defraud hundreds of thousands of Americans, causing millions in losses.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Fox News.