The FBI has issued a major cybersecurity warning for users of Microsoft 365 services, including Outlook, Teams, and OneDrive. According to the agency, cybercriminals are now using a dangerous phishing platform called Kali365 that can bypass multi-factor authentication and gain long-term access to Microsoft accounts.
What makes this threat especially alarming is that attackers do not even need your password in some cases. Instead, they trick users into unknowingly granting access through Microsoft’s legitimate login system.
For millions of people who rely on Microsoft 365 for work, school, and personal communication, this warning is being treated as a serious security issue.
Table of Contents
What Is Kali365?
Kali365 is a phishing-as-a-service platform that appeared earlier in 2026. According to the FBI, the service is being distributed mainly through Telegram and allows even less-skilled cybercriminals to launch sophisticated phishing attacks.
The platform focuses on stealing OAuth access tokens rather than passwords. These tokens are essentially digital keys that allow devices and applications to stay logged into Microsoft accounts without repeatedly asking for credentials.
Once attackers capture these tokens, they can access:
- Outlook emails
- Teams conversations
- OneDrive files
- Other Microsoft 365 services
And they can often do this without triggering additional security checks.
How the Scam Works
The attack begins with a phishing email that appears legitimate.
Victims receive messages pretending to be from trusted cloud services or document-sharing platforms. The email includes a device code and instructions telling the user to visit a real Microsoft verification page.
Because the page is an actual Microsoft website, many users assume the request is safe.
After entering the code and approving access, the victim unknowingly authorizes the attacker’s device to connect to their Microsoft account. At that point, hackers can steal OAuth tokens and maintain persistent access to the account.
This approach is especially dangerous because:
- Users are not entering passwords into fake websites
- The login page itself is legitimate
- Multi-factor authentication can still be bypassed
That combination makes the scam much harder to detect than traditional phishing attacks.
Why Outlook, Teams, and OneDrive Users Are at Risk
Microsoft 365 accounts contain large amounts of valuable personal and business data.
Once attackers gain access, they may:
- Read sensitive emails
- Access private files in OneDrive
- Monitor Teams conversations
- Send phishing messages from the victim’s account
- Launch ransomware or fraud attacks
Because the stolen tokens can remain active for extended periods, attackers may continue operating inside an account without the user realizing it immediately.
This makes the threat particularly dangerous for businesses and organizations that rely heavily on Microsoft 365 collaboration tools.
Why the FBI Is Concerned
One of the FBI’s biggest concerns is how easy Kali365 makes these attacks.
According to the agency, the platform includes:
- AI-generated phishing emails
- Automated attack templates
- Real-time dashboards
- Token-stealing tools
This lowers the barrier for cybercriminals who may not have advanced technical skills.
In other words, attackers no longer need to build sophisticated phishing systems themselves. They can simply subscribe to a ready-made platform and begin targeting users almost immediately.
How to Protect Yourself
The FBI recommends several important steps to reduce the risk of becoming a victim.
Be Careful With Device Codes
If you receive an email asking you to enter a device verification code into Microsoft’s login system, treat it with caution.
Even if the website itself is legitimate, the request may still be part of a phishing attack.
Review Account Activity Regularly
Users should regularly check:
- Login history
- Connected devices
- Active sessions
- App permissions
Suspicious activity should be investigated immediately.
Limit Device Code Authentication
The FBI recommends that organizations restrict or disable device code authentication where possible. Businesses should also create conditional access policies to limit how these login methods are used.
Keep Security Settings Updated
While multi-factor authentication alone is no longer enough against this attack method, it still remains important.
Users should also:
- Use strong passwords
- Avoid clicking on unknown links
- Keep software updated
- Watch for suspicious login requests
The Bigger Cybersecurity Trend
The Kali365 threat reflects a larger shift happening in cybersecurity.
Traditional phishing attacks focused on stealing passwords. Modern attacks increasingly target authentication systems themselves, including access tokens and session credentials.
This means attackers are evolving beyond older hacking techniques and looking for ways to bypass security layers rather than directly breaking them.
AI-generated phishing campaigns are also making scams more convincing and harder to recognize.
Microsoft Users Need to Stay Alert
The FBI warning highlights how important cybersecurity awareness has become in everyday digital life.
Services like Outlook, Teams, and OneDrive are deeply connected to work, communication, and personal data. A compromised Microsoft account can quickly lead to identity theft, financial fraud, or larger business breaches.
As phishing attacks become more advanced, users can no longer rely only on traditional warning signs like fake login pages or obvious scam emails.
Final Thoughts
The FBI’s latest warning for Outlook, Teams, and OneDrive users shows how rapidly cyber threats are evolving.
The Kali365 phishing platform demonstrates that attackers are now using more sophisticated methods to bypass security protections and gain long-term access to accounts.
For Microsoft 365 users, staying cautious has become more important than ever. Even legitimate-looking login requests can now be part of highly advanced phishing campaigns.
As cybercriminals continue adapting their tactics, awareness and proactive security practices remain the strongest defense.
