The Federal Bureau of Investigation (FBI) has issued a warning to the public regarding a new phishing tool known as Kali365, which poses a threat to Microsoft 365 account users. This tool, first identified in April, enables cybercriminals to bypass multi-factor authentication and gain unauthorized access to users’ Outlook, Teams, and OneDrive accounts through deceptive phishing messages.
Understanding the Threat
Kali365 is described as a ‘subscription service for scammers’ by cybersecurity firm Bitdefender. The tool has been primarily distributed via Telegram, a messaging platform. Hackers employ phishing emails that mimic legitimate communications, tricking users into clicking links that lead to Microsoft’s real website. Once there, users unknowingly input device codes that allow hackers to obtain access and refresh tokens, facilitating unauthorized entry into accounts.
Protecting Your Accounts
To safeguard against this threat, the FBI and Microsoft advise vigilance when reviewing emails and messages. Users should be cautious of red flags such as unexpected invoices, urgent messages, discussions of large sums of money, fake security alerts, and fraudulent IT communications. The FBI recommends checking email sender addresses for typos, avoiding unfamiliar links or attachments, and reporting phishing attempts to the Federal Trade Commission or through the ‘report phishing’ feature in email services.
Additionally, the FBI suggests limiting account access by restricting device code flow, thereby preventing attackers from acquiring the necessary tokens to bypass passwords.
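One way to prepare for the restriction the FBI suggests is to inventory which accounts sign in with device code flow and review any that are not expected to. This is an added example, not from the FBI, Microsoft or the original report; the log field names, the `deviceCode` protocol value, the allowlist and the sample records are assumptions modelled on an identity provider's sign-in log export.

```python
import json
from collections import defaultdict

# Constructed sample records (JSON lines). Field names are assumptions modelled on
# a sign-in log export; adjust them to match your own export. One line is truncated.
SAMPLE_LOG = """\
{"createdDateTime":"2025-01-10T09:12:00Z","userPrincipalName":"kiosk01@example.com","appDisplayName":"Meeting Room Display","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.7"}
{"createdDateTime":"2025-01-10T09:30:00Z","userPrincipalName":"alice@example.com","appDisplayName":"Outlook","authenticationProtocol":"oAuth2","ipAddress":"198.51.100.20"}
{"createdDateTime":"2025-01-10T09:40:00Z","userPrincipalName":"Bob@Example.com","appDisplayName":"Microsoft Azure CLI","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.50"}
{"createdDateTime":"2025-01-10T10:00:00Z","userPrincipalName":
{"createdDateTime":"2025-01-10T10:05:00Z","userPrincipalName":"bob@example.com","appDisplayName":"OneDrive","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.50"}
{"createdDateTime":"2025-01-10T10:20:00Z","userPrincipalName":"carol@example.com","appDisplayName":"Teams","ipAddress":"198.51.100.31"}
"""

# Accounts expected to use device code flow (constructed allowlist, e.g. shared displays).
ALLOWED_USERS = {"kiosk01@example.com"}

def device_code_signins(lines):
    """Yield parsed records that used device code flow; skip blank or malformed lines."""
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and str(rec.get("authenticationProtocol", "")).lower() == "devicecode":
            yield rec

def audit(lines, allowed_users):
    """Return (allowlisted users seen, {unexpected user: [(time, app, ip), ...]})."""
    allowed = {u.lower() for u in allowed_users}
    expected, review = set(), defaultdict(list)
    for rec in device_code_signins(lines):
        user = str(rec.get("userPrincipalName", "unknown")).lower()
        if user in allowed:
            expected.add(user)
        else:
            review[user].append(
                (rec.get("createdDateTime"), rec.get("appDisplayName"), rec.get("ipAddress"))
            )
    return expected, dict(review)

if __name__ == "__main__":
    expected, review = audit(SAMPLE_LOG.splitlines(), ALLOWED_USERS)
    print("Expected device code users:", sorted(expected))
    for user, events in sorted(review.items()):
        print("Review:", user, events)
```

Accounts in the review list are the ones to check with their owners before device code flow is restricted for everyone outside the allowlist.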
Microsoft’s Response
Microsoft has stated that it is actively working to disrupt the cybercriminal ecosystems responsible for phishing-as-a-service and account takeover activities. The company is committed to protecting its customers from these evolving threats.
For users who suspect unauthorized access to their accounts, the FBI encourages reporting any suspicious activity, such as unknown devices or active sessions, to the Internet Crime Complaint Center.
Original reporting: WQAD (Quad Cities).