The FBI has issued an urgent public warning over a stealthy new cyber threat, dubbed Kali365, that allows hackers to hijack Microsoft 365 accounts without needing a password. Pixabay/methodshop

Federal authorities have issued an urgent warning to millions of digital workers who rely on Microsoft applications to run their daily operations. A new cyber scheme is actively spreading across global networks, allowing digital thieves to lock people out of their essential work files completely.

Instead of cracking passwords, this sophisticated operation tricks individuals into compromising their own systems, bypassing traditional security walls entirely.

New Kali365 Threat Triggers Urgent FBI Alert

A clever new phishing tool lets hackers slip straight into Microsoft 365 accounts without ever needing a password, the FBI warned in a public safety advisory. Federal investigators first spotted the phishing setup, dubbed Kali365, back in April. It mostly spreads through the messaging app Telegram, giving hackers an easy way to slide right past multi-factor authentication checks.

How the Device Code Scam Works

The scam begins when a deceptive email lands in an inbox, disguised as a routine notification from a trusted document-sharing platform. The FBI explains how the trap is sprung: 'This phishing email contains a device code with instructions to visit a legitimate Microsoft verification page and enter the code.'

By following those instructions and entering the code on the genuine Microsoft site, you unknowingly hand over the keys to your profile. The scammers instantly grab authorisation tokens, giving them free rein over your entire Microsoft 365 suite—from your Outlook inbox and Teams chats to everything stored in OneDrive. They walk right in, completely bypassing the need for your password or multi-factor authentication.

According to the FBI, this fresh threat lowers the barrier to entry by allowing novice hackers to easily intercept authorisation codes. The setup relies on AI to craft convincing phishing bait, giving scammers the ability to zero in on specific targets and monitor them as the attack happens.

FBI Safeguards to Protect Your Accounts

To shield your system from a Kali365 intrusion, the FBI suggests implementing the following safeguards:

  • Setting up a conditional access policy to shut down device code flows for everyone, barring a few necessary exceptions
  • Auditing your active code flow permissions to ensure only authorised users have them
  • Disabling the feature that lets staff transfer active login sessions from desktops over to mobile phones
  • Leaving emergency access accounts out of these restrictions so you never accidentally lock yourself out
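The four safeguards above map onto one Microsoft Entra conditional access policy. The following is an added example, not code from the FBI advisory or from Microsoft: it builds the policy payload and audits it against each point (device code flow blocked, authentication transfer blocked, all users in scope, emergency access group excluded, policy actually enforced). The payload shape follows the Microsoft Graph conditionalAccessPolicy resource as I understand it (`conditions.authenticationFlows.transferMethods`, `grantControls.builtInControls`); verify it against the current Graph documentation before submitting it, and the group id is a placeholder.

```python
"""Build and audit a conditional access policy that blocks device code flow.

Added example, not from the FBI advisory or Microsoft. The payload mirrors the
Microsoft Graph conditionalAccessPolicy resource as I understand it; confirm the
field names against current Graph docs before use.
"""

# Placeholder: object id of the break-glass (emergency access) group.
EMERGENCY_GROUP_ID = "EMERGENCY-GROUP-OBJECT-ID-PLACEHOLDER"


def build_block_device_code_policy(emergency_group_id, allowed_user_ids=(), report_only=False):
    """Return a Graph-style policy that blocks device code flow and
    authentication transfer for everyone except listed exceptions."""
    return {
        "displayName": "Block device code flow and authentication transfer",
        "state": "enabledForReportingButNotEnforced" if report_only else "enabled",
        "conditions": {
            "users": {
                "includeUsers": ["All"],
                # The few necessary exceptions the FBI allows for, audited below.
                "excludeUsers": list(allowed_user_ids),
                # Break-glass accounts stay outside the policy to avoid lockout.
                "excludeGroups": [emergency_group_id],
            },
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["all"],
            # Both flows the FBI names: device code, and desktop-to-mobile
            # session handoff (authentication transfer).
            "authenticationFlows": {"transferMethods": "deviceCodeFlow,authenticationTransfer"},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


def audit_policy(policy, emergency_group_id, max_exceptions=5):
    """Return a list of gaps; an empty list means every safeguard is covered."""
    gaps = []
    cond = policy.get("conditions", {})
    raw = cond.get("authenticationFlows", {}).get("transferMethods", "")
    methods = {m.strip() for m in raw.split(",") if m.strip()}
    if "deviceCodeFlow" not in methods:
        gaps.append("device code flow is not targeted")
    if "authenticationTransfer" not in methods:
        gaps.append("authentication transfer (desktop-to-mobile handoff) is not targeted")
    users = cond.get("users", {})
    if "All" not in users.get("includeUsers", []):
        gaps.append("policy does not apply to all users")
    if len(users.get("excludeUsers", [])) > max_exceptions:
        gaps.append("too many individual exceptions; re-audit who needs device code flow")
    if emergency_group_id not in users.get("excludeGroups", []):
        gaps.append("emergency access accounts are not excluded (lockout risk)")
    if "block" not in policy.get("grantControls", {}).get("builtInControls", []):
        gaps.append("grant control is not 'block'")
    if policy.get("state") != "enabled":
        gaps.append(f"policy state is {policy.get('state')!r}, so it is not enforced")
    return gaps


# A weak policy for comparison: report-only, device code only, no break-glass exclusion.
WEAK_POLICY = {
    "displayName": "Device code (report only)",
    "state": "enabledForReportingButNotEnforced",
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeUsers": [], "excludeGroups": []},
        "applications": {"includeApplications": ["All"]},
        "clientAppTypes": ["all"],
        "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["block"]},
}


if __name__ == "__main__":
    good = build_block_device_code_policy(EMERGENCY_GROUP_ID)
    print("hardened policy gaps:", audit_policy(good, EMERGENCY_GROUP_ID))
    print("weak policy gaps:", audit_policy(WEAK_POLICY, EMERGENCY_GROUP_ID))
```

Running the audit on the weak policy reports three gaps (authentication transfer not covered, no emergency group exclusion, report-only state); the hardened policy reports none. The `max_exceptions` threshold is a constructed sanity check for the FBI's advice to audit who still holds device code flow permissions.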
FBI outlines safeguards to block Kali365 intrusions Pexels/Mikhail Nilov

A Microsoft spokesperson told Nexstar that the company supports the FBI's recommendations and highlighted a few extra steps you can take to stay safe:

  • Learn how to recognise deceptive emails straight away so you can spot a trap before falling for it
  • Avoid opening attachments from unfamiliar addresses to stop malicious software from downloading onto your computer
  • Keep your operating system and apps fully updated so you always have the most recent security patches installed

Step-by-Step Guide to Reporting an Intrusion

If anyone has fallen victim to this Kali365 scam, the FBI advises lodging a report directly with the Internet Crime Complaint Center (IC3) at www.ic3.gov. To help investigators piece the puzzle together, it is essential to hand over any digital evidence available, including:

  • Copies of the deceptive emails, especially the message headers and text body
  • Details on any unusual account logins, noting the exact times, IP addresses, and locations
  • A list of any unfamiliar devices or mysterious active sessions that suddenly appeared on the profile
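A device code sign-in leaves a distinct trace in the Entra sign-in log, which is what lets a defender pull together the second item in the list above (times, IP addresses, locations of unusual logins) and also confirm the mechanism described earlier, where the token is issued to whatever client started the device code flow rather than to the victim's own machine. The following is an added example, not code from the FBI or Microsoft: it triages a constructed JSON Lines export of sign-ins, flags every device code sign-in, and rates it by whether the IP address and country had been seen for that user before. Field names (`createdDateTime`, `userPrincipalName`, `ipAddress`, `location.countryOrRegion`, `authenticationProtocol`) follow the Microsoft Graph signIn resource as I understand it; check them against the current documentation, and the sample records, addresses and names are all constructed.

```python
"""Triage sign-in records for device code sign-ins from unfamiliar locations.

Added example, not from the FBI advisory or Microsoft. Field names follow the
Microsoft Graph signIn resource as I understand it; confirm before relying on
them. All sample data below is constructed.
"""
import json
from collections import defaultdict

# Constructed sample export, JSON Lines, one sign-in per line (deliberately unsorted).
SAMPLE_SIGNINS = """
{"createdDateTime": "2024-05-01T08:02:11Z", "userPrincipalName": "ana@example.com", "ipAddress": "203.0.113.10", "location": {"city": "Leeds", "countryOrRegion": "GB"}, "authenticationProtocol": "oAuth2", "appDisplayName": "Microsoft Teams"}
{"createdDateTime": "2024-05-01T09:15:40Z", "userPrincipalName": "ana@example.com", "ipAddress": "203.0.113.10", "location": {"city": "Leeds", "countryOrRegion": "GB"}, "authenticationProtocol": "oAuth2", "appDisplayName": "Outlook"}
{"createdDateTime": "2024-05-02T14:47:03Z", "userPrincipalName": "ana@example.com", "ipAddress": "198.51.100.77", "location": {"city": "Unknown", "countryOrRegion": "NL"}, "authenticationProtocol": "deviceCode", "appDisplayName": "Microsoft Office"}
{"createdDateTime": "2024-05-02T10:00:00Z", "userPrincipalName": "ben@example.com", "ipAddress": "192.0.2.5", "location": {"city": "Dublin", "countryOrRegion": "IE"}, "authenticationProtocol": "deviceCode", "appDisplayName": "Azure CLI"}
{"createdDateTime": "2024-04-30T10:00:00Z", "userPrincipalName": "ben@example.com", "ipAddress": "192.0.2.5", "location": {"city": "Dublin", "countryOrRegion": "IE"}, "authenticationProtocol": "oAuth2", "appDisplayName": "Outlook"}
"""


def parse_signins(text):
    """Parse a JSON Lines export into a list of sign-in dicts, oldest first."""
    records = [json.loads(line) for line in text.splitlines() if line.strip()]
    return sorted(records, key=lambda r: r["createdDateTime"])


def triage_device_code(records):
    """Return one finding per device code sign-in, rated against the user's
    earlier non-device-code sign-ins: new IP and new country is high,
    new IP only is medium, both previously seen is low."""
    seen_ips = defaultdict(set)
    seen_countries = defaultdict(set)
    findings = []
    for rec in records:
        user = rec["userPrincipalName"]
        ip = rec.get("ipAddress", "")
        country = (rec.get("location") or {}).get("countryOrRegion", "")
        if rec.get("authenticationProtocol") == "deviceCode":
            new_ip = ip not in seen_ips[user]
            new_country = country not in seen_countries[user]
            severity = "high" if (new_ip and new_country) else "medium" if new_ip else "low"
            findings.append({
                "time": rec["createdDateTime"],
                "user": user,
                "ip": ip,
                "country": country,
                "app": rec.get("appDisplayName", ""),
                "new_ip": new_ip,
                "new_country": new_country,
                "severity": severity,
            })
        else:
            # Only ordinary sign-ins build the baseline; a device code
            # sign-in must never vouch for the next one.
            seen_ips[user].add(ip)
            seen_countries[user].add(country)
    return findings


def evidence_lines(findings):
    """Format findings as the time / IP / location lines an IC3 report asks for."""
    lines = []
    for f in findings:
        flags = [t for t, on in (("new IP", f["new_ip"]), ("new country", f["new_country"])) if on]
        detail = ", ".join(flags) if flags else "known IP and country"
        lines.append(f"{f['time']} {f['user']} device code sign-in from {f['ip']} ({f['country']}) "
                     f"via {f['app']} [{f['severity']}: {detail}]")
    return lines


if __name__ == "__main__":
    for line in evidence_lines(triage_device_code(parse_signins(SAMPLE_SIGNINS))):
        print(line)
```

On the constructed data, Ben's device code sign-in comes from the IP and country his earlier Outlook sign-in used, so it is rated low (a legitimate CLI login looks exactly like this), while Ana's comes from an address and country never seen for her and is rated high. The output lines carry the time, IP address and location the FBI asks victims to include in a report.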

Microsoft Moves to Disrupt Cybercriminal Networks

Meanwhile, Microsoft is stepping up its own defences. The tech giant noted that it is 'actively working to disrupt the cybercriminal ecosystems behind phishing-as-a-service and account takeover activity to protect our customers.'