FBI Alert: What Is 'Kali365,' the New Phishing Tool Targeting Outlook and OneDrive?

 

FBI Alert: What Is 'Kali365,' the New Phishing Tool Targeting Outlook and OneDrive?

The FBI has issued a public warning about a new phishing platform targeting Microsoft 365 users. The alert is driving more than 20,000 Google searches in the United States, a surge tracked by Kiolix Pulse as a top rising keyword.

Background: FBI Public Safety Announcement

The FBI's Internet Crime Complaint Center (IC3) published a Public Safety Announcement on May 21 about a phishing service called Kali365. The fact that the FBI issued a dedicated public announcement about a new phishing kit signals the seriousness of the threat.

What Is Kali365?

Kali365 is a Phishing-as-a-Service (PhaaS) platform designed to let even low-skilled attackers hijack Microsoft 365 accounts. Rather than stealing passwords, the platform works by stealing access tokens.

Cybercriminals subscribe to Kali365 and can immediately run token-stealing campaigns at scale. The service provides AI-generated phishing emails, automated campaign templates, real-time individual tracking dashboards, and OAuth token capture capabilities.

The platform was first spotted in April and is primarily distributed via Telegram. Cybersecurity firm Bitdefender has described it as a "subscription service for scammers."

How the Attack Works

The attack begins with a phishing email impersonating a trusted source, such as a document-sharing or cloud collaboration service. The email contains a device code along with instructions to visit an official Microsoft verification page and enter the code.

When the victim enters the code, they unknowingly grant the attacker access to their account. What makes this especially dangerous is that the victim is directed to a real Microsoft URL — the page looks entirely legitimate, which lowers suspicion significantly.

Once the attacker captures the OAuth access token, they can access the victim's Microsoft 365 account without ever needing a password, gaining entry to Outlook, Teams, and OneDrive.

Why Multi-Factor Authentication Does Not Stop This

The core danger of this phishing method is that it bypasses multi-factor authentication (MFA). Attackers obtain both access and refresh tokens, enabling persistent access to the compromised account.

As long as the stolen refresh token remains valid, attackers can continue using Outlook, Teams, and OneDrive without logging in again. This means victims may remain unaware that their accounts have been compromised for an extended period.

FBI and Microsoft Recommendations

Microsoft stated it is "actively working to disrupt the cybercriminal ecosystems behind phishing-as-a-service and account takeover activity." Both the FBI and Microsoft urge users to watch for red flags when reviewing emails and messages.

Anyone who believes they have been targeted by a Kali365 phishing attack is encouraged to file a complaint at IC3.gov, including information about any unauthorized devices or active sessions added to the account.

The FBI advises users to follow these precautions:

  • Never open email attachments from unknown senders
  • Exercise caution with forwarded email attachments
  • Limit the use of device authentication codes
  • Report suspicious activity promptly at IC3.gov

U.S. Search Trends

According to Kiolix Pulse data, searches related to "fbi alert outlook onedrive" surpassed 20,000 in 🇺🇸 the United States, placing the topic among the top rising keywords tracked by the platform. The spike coincides with the FBI's public announcement and widespread simultaneous coverage across major news outlets.

Related Links

Sources

  • https://www.kvue.com/article/news/nation-world/fbi-warning-phishing-tool-kali365-microsoft-accounts/507-1562564a-be79-4073-b4d9-b64f1c666456
  • https://www.malwarebytes.com/blog/scams/2026/05/kali365-phishing-kit-bypasses-mfa-and-steals-microsoft-logins
  • https://thehill.com/policy/technology/5897640-cyber-attackers-are-hijacking-microsoft-outlook-teams-and-365-log-ins-fbi-says/
  • https://www.govtech.com/security/fbi-issues-scam-warning-for-users-of-microsoft-outlook-teams

Comments

Post a Comment

Popular posts from this blog

2026 Super El Niño Alert: A Historic Climate Shift Is Approaching — Compared to the Great Famine of 1877

Image
  2026 Super El Niño Alert: A Historic Climate Shift Is Approaching — Compared to the Great Famine of 1877 Meteorologists around the world are warning that a record-breaking El Niño event is highly likely to develop in the second half of 2026. Forecast models from multiple major institutions — including the European Centre for Medium-Range Weather Forecasts (ECMWF), the U.S. National Oceanic and Atmospheric Administration (NOAA), Japan's Meteorological Agency, and the Australian Bureau of Meteorology — are all pointing in the same direction. Some model runs suggest this El Niño could reach "Super El Niño" status, making it one of the most powerful events ever recorded. Global Search Interest According to trend data from Kiolix Pulse (https://trend-now.org), searches for "el niño weather" have been surging simultaneously across multiple countries. Country Search Interest 🇺🇸 United States 50,000+ searches 🇨🇦 Canada 5,000+ searches 🇦🇺 Au...
Read more

Meteor Explodes Near Boston, Sending Sonic Boom Across New England

Image
  Meteor Explodes Near Boston, Sending Sonic Boom Across New England A meteor entered the atmosphere and exploded near the Massachusetts coast on Saturday, May 30, 2026, triggering a powerful sonic boom felt across New England and sparking a surge in Google searches. According to Kiolix Pulse data, related keywords — including "meteor boston," "boston meteor," and "meteor massachusetts" — are currently trending in 🇺🇸 the United States, with combined search interest exceeding 200,000 searches. What Happened At approximately 2:11 p.m. Eastern Time, residents across Greater Boston reported a sudden, jarring explosion. Hundreds of 911 calls flooded in from eastern Massachusetts, southern New Hampshire, and northern Connecticut. Witnesses described windows rattling, pets startling, and entire homes shaking. Some residents initially assumed a nearby power plant had exploded. The U.S. Geological Survey confirmed no earthquake had occurred at the time. Weath...
Read more

UAE Hit by Iranian Missiles and Drones — Ceasefire Under Severe Strain

Image
  UAE Hit by Iranian Missiles and Drones — Ceasefire Under Severe Strain According to Kiolix Pulse trend data, search interest in "uae iran war" and related keywords has surged across major countries including India, the United Kingdom, and Pakistan as of May 5, 2026. The spike follows Iran's first direct attack on the UAE since the ceasefire agreement with the United States on April 8. What Happened: Iran Launches Missiles and Drones at UAE On May 4, 2026 (local time), Iran fired a barrage of ballistic missiles, cruise missiles, and drones at the United Arab Emirates. The UAE Ministry of Defence confirmed that its air defense systems intercepted 12 ballistic missiles, 3 cruise missiles, and 4 drones. CNN reported that an Israeli Iron Dome air defense system deployed in the UAE also participated in the interceptions. In the eastern emirate of Fujairah, an Iranian drone sparked a large fire at the Fujairah Petroleum Industries Zone, moderately injuring three Indian na...
Read more