New scam targets Microsoft users, FBI warns. Here's how to protect yourself

This phishing scam doesn't rely on a fake website. Instead, it tricks users into approving access themselves.
Bitdefender

FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts — no password required

Surely your Microsoft 365 accounts are safe now? Well, think again. The FBI has issued an advisory warning about a ...

FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale

The FBI has issued a public service announcement warning about a new phishing kit that's stealing Microsoft OAuth tokens at ...

Microsoft 365 users warned over Outlook, Teams and OneDrive FBI alert

The FBI has issued a warning over a phishing-as-a-service platform ...
Memeburn

FBI Warns Microsoft 365 Users About Dangerous Phishing Tool

Kali365 targets Microsoft 365 users’ accounts, using a phishing service that doesn’t require password theft despite bypassing ...
Windows Report

FBI Warns Kali365 Can Bypass Microsoft 365 MFA Using OAuth Tokens

The FBI warns that Kali365 phishing attacks can bypass Microsoft 365 MFA by stealing OAuth session tokens through device code phishing.
Bleeping Computer

Hackers target Microsoft Entra accounts in device code vishing attacks

After you enter the code and authenticate, the device is automatically linked to your account without ever handling your password directly. To conduct a device-code phishing attack, threat actors need ...
Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...

FBI Warns Microsoft Users—New Attack Gains Access To Accounts

The FBI issued a warning on May 21, as a new AI-powered attack enables "threat actors to obtain Microsoft 365 access tokens ...