FBI warns Microsoft users of Kali365 scam duping thousands: How the scam works and how users can protect themselves

The FBI has issued a warning about Kali365, a new Phishing-as-a-Service platform enabling attackers to steal Microsoft 365 OAuth tokens and bypass MFA. This platform lowers the barrier for cybercriminals, providing AI-generated lures and automated campaign tools. Users are advised to restrict device code flow and implement conditional access policies to protect their accounts.

Jun 16, 2026 3

FBI warns Microsoft users of Kali365 scam duping thousands: How the scam works and how users can protect themselves
The FBI has issued a warning about Kali365, a new Phishing-as-a-Service platform enabling attackers to steal Microsoft 365 OAuth tokens and bypass MFA. This platform lowers the barrier for cybercriminals, providing AI-generated lures and automated campaign tools. Users are advised to restrict device code flow and implement conditional access policies to protect their accounts.
Read More