FBI Warns Kali365 Phishing Steals Microsoft 365 Tokens, Bypassing MFA
Updated · Computerworld · May 22
Kali365 lets attackers capture Microsoft 365 OAuth tokens and access accounts without intercepting passwords, prompting an FBI warning about a new phishing wave.
The scam uses emails posing as trusted document-sharing services and directs victims to enter a code on a legitimate Microsoft page that instead authorizes the attacker’s device.
The FBI urged IT teams to block device code flow sign-in for most users and to restrict authentication transfer policies, which can hand corporate account access to mobile devices.
Phishing remains a broad corporate risk: 77% of organizations say attacks increased over the past year, and CEOs ranked it the top security threat in a January World Economic Forum report.
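The FBI's recommendation above maps to the Conditional Access "authentication flows" condition in Microsoft Entra. The following audit script is an added example, not code from the article or from Microsoft; it uses the Microsoft Graph conditionalAccessPolicy field names (conditions.authenticationFlows.transferMethods, grantControls.builtInControls) and the sample policy records are constructed, standing in for what an administrator would pull from the policies endpoint.

```python
"""Audit Entra Conditional Access policies for the two FBI-named controls.

Added example, not from the article. Field names follow the Microsoft Graph
conditionalAccessPolicy schema; SAMPLE_POLICIES is constructed test data.
"""

# Constructed sample: shaped like GET /identity/conditionalAccess/policies output.
SAMPLE_POLICIES = [
    {
        "displayName": "Block device code flow",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": ["break-glass-id"]},
            "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
        },
        "grantControls": {"builtInControls": ["block"]},
    },
    {
        "displayName": "Restrict auth transfer (report-only)",
        "state": "enabledForReportingButNotEnforced",  # logs but does not enforce
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": []},
            "authenticationFlows": {"transferMethods": "authenticationTransfer"},
        },
        "grantControls": {"builtInControls": ["block"]},
    },
]

def blocking_policies(policies, method):
    """Enabled policies that block `method` for all users: [(name, exclusions)]."""
    hits = []
    for p in policies:
        if p.get("state") != "enabled":
            continue  # disabled and report-only policies enforce nothing
        flows = p.get("conditions", {}).get("authenticationFlows") or {}
        methods = [m.strip() for m in flows.get("transferMethods", "").split(",")]
        users = p.get("conditions", {}).get("users", {})
        blocks = "block" in p.get("grantControls", {}).get("builtInControls", [])
        if method in methods and blocks and "All" in users.get("includeUsers", []):
            hits.append((p["displayName"], users.get("excludeUsers", [])))
    return hits

def audit(policies):
    """Return {method: (is_blocked_for_all, sorted excluded user ids)}."""
    result = {}
    for method in ("deviceCodeFlow", "authenticationTransfer"):
        hits = blocking_policies(policies, method)
        excluded = sorted({u for _, ex in hits for u in ex})
        result[method] = (bool(hits), excluded)  # exclusions are the residual exposure
    return result

if __name__ == "__main__":
    for method, (covered, excluded) in audit(SAMPLE_POLICIES).items():
        print(f"{method}: {'blocked' if covered else 'NOT blocked'}; exclusions: {excluded}")
```

Against the sample data the script reports device code flow blocked (with one break-glass exclusion to review) and authentication transfer not blocked, because the second policy is still report-only.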