The FBI has issued an urgent warning about a fast-moving scam targeting Microsoft 365 users on Teams, Outlook and OneDrive.
The agency said a hacking platform called Kali365 is being used to capture OAuth device codes, allowing scammers to access Microsoft accounts without needing a password and without intercepting multifactor authentication codes.
According to the FBI, scammers send phishing emails that impersonate trusted cloud productivity or document-sharing services.
The email includes a device code and asks the target to visit a Microsoft verification page to enter it.
Once the user enters the code, they unknowingly authorize the attacker’s device to access their Microsoft 365 account.
The attacker can then capture OAuth access and refresh tokens, giving them access to Microsoft 365 services such as Outlook, Teams, and OneDrive.
The FBI described Kali365 as an emerging Phishing-as-a-Service platform.
The platform gives less-skilled attackers access to AI-generated phishing lures, automated campaign templates, real-time tracking dashboards, and OAuth token capture tools.
This makes advanced phishing attacks easier for scammers who may not have strong technical skills.
Kali365 was first detected by the FBI in April and is reportedly being sold to scammers through a subscription model for $250 per month.
The scam is concerning because it does not rely on stealing a user’s password.
Instead, it abuses device-code authentication and captures access tokens after the user follows the attacker’s instructions.
This can allow scammers to bypass multifactor authentication and gain access to Microsoft accounts without traditional login details.
The FBI advised users not to open links or follow instructions involving access codes they did not request.
The agency also urged users to report phishing emails, suspicious logins, unauthorized devices, and active sessions added to their accounts to the Internet Crime Complaint Center.
Users should include available details such as email headers, message bodies, login times, IP addresses, and locations when filing a report.
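A defender-side check for the pattern described above, added here as an example and not part of the FBI or Microsoft material: it scans constructed sign-in records for successful device-code sign-ins that come either from outside the organisation's usual countries or from a new IP address shortly after the same user's own sign-in (the shape a device-code phish leaves in the logs), and collects the login time, IP and location the FBI asks reporters to include. The field names, the sample records and the expected-country list are assumptions, not a product schema.

```python
import json
from datetime import datetime, timedelta

# Constructed sample sign-in records. Field names are an assumption for this
# example, loosely modelled on cloud sign-in logs; they are not a product schema.
SAMPLE_SIGNIN_LOGS = """
{"time": "2025-05-02T08:14:03Z", "user": "alice@example.com", "protocol": "authorizationCode", "ip": "203.0.113.10", "location": "Karachi, PK", "result": "success"}
{"time": "2025-05-02T08:21:47Z", "user": "alice@example.com", "protocol": "deviceCode", "ip": "198.51.100.77", "location": "Amsterdam, NL", "result": "success"}
{"time": "2025-05-02T09:02:11Z", "user": "bob@example.com", "protocol": "deviceCode", "ip": "203.0.113.22", "location": "Lahore, PK", "result": "success"}
{"time": "2025-05-02T09:30:00Z", "user": "carol@example.com", "protocol": "deviceCode", "ip": "192.0.2.5", "location": "Dublin, IE", "result": "failure"}
"""

EXPECTED_COUNTRIES = {"PK"}        # where this organisation's users normally sign in (assumption)
PROXIMITY = timedelta(minutes=30)  # window between the victim's own sign-in and the attacker's token grant

def parse_signin_logs(text):
    """Parse one JSON record per line and sort them by timestamp."""
    records = [json.loads(line) for line in text.strip().splitlines() if line.strip()]
    for rec in records:
        rec["ts"] = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
    return sorted(records, key=lambda r: r["ts"])

def country_of(location):
    """Take the country code from a 'City, CC' location string."""
    return location.rsplit(",", 1)[-1].strip()

def find_suspicious_device_code_signins(records, expected_countries=EXPECTED_COUNTRIES):
    """Flag successful device-code sign-ins from outside the expected countries, or
    from a different IP than the same user's successful sign-in shortly before."""
    findings, last_success = [], {}
    for rec in records:
        prev = last_success.get(rec["user"])
        if rec["result"] != "success":
            continue
        last_success[rec["user"]] = rec
        if rec["protocol"] != "deviceCode":
            continue
        reasons = []
        if country_of(rec["location"]) not in expected_countries:
            reasons.append("device-code sign-in from outside expected countries")
        if prev and prev["ip"] != rec["ip"] and rec["ts"] - prev["ts"] <= PROXIMITY:
            reasons.append("device-code sign-in from a new IP shortly after the user's previous sign-in")
        if reasons:  # keep the details a report to the Internet Crime Complaint Center should carry
            findings.append({"user": rec["user"], "login_time": rec["time"], "ip": rec["ip"],
                             "location": rec["location"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_device_code_signins(parse_signin_logs(SAMPLE_SIGNIN_LOGS)):
        print(json.dumps(finding))
```

On the sample data only alice's Amsterdam device-code sign-in is flagged, on both counts; bob's is in-country with no prior sign-in and carol's failed.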
A Microsoft spokesperson advised users to follow the FBI’s guidance.
The company said its Digital Crimes Unit has disrupted similar cybercrime tools designed to steal passwords and data, including RaccoonO365 and other do-it-yourself phishing scams.
Microsoft said it continues working to disrupt phishing-as-a-service and account takeover networks to protect users.