Federal authorities have issued an urgent warning to millions of digital workers who rely on Microsoft applications to run their daily operations. A new cyber scheme is actively spreading across global networks, allowing digital thieves to lock people out of their essential work files completely.
Instead of cracking passwords, this sophisticated operation tricks individuals into compromising their own systems, bypassing traditional security walls entirely.
A clever new phishing tool lets hackers slip straight into Microsoft 365 accounts without ever needing a password, the FBI warned in a public safety advisory. Federal investigators first spotted the phishing setup, dubbed Kali365, back in April. It mostly spreads through the messaging app Telegram, giving hackers an easy way to slide right past multi-factor authentication checks.
The FBI released a #PSA warning the public about Kali365—an emerging Phishing-as-a-Service (PhaaS) platform. Kali365, first seen in April 2026, enables cyber threat actors to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without… pic.twitter.com/n2iQazJKYH
The scam begins when a deceptive email lands in an inbox, disguised as a routine notification from a trusted document-sharing platform. The FBI explains how the trap is sprung: 'This phishing email contains a device code with instructions to visit a legitimate Microsoft verification page and enter the code.'
By following those instructions and entering the code on the genuine Microsoft site, you unknowingly hand over the keys to your profile. The scammers instantly grab authorisation tokens, giving them free rein over your entire Microsoft 365 suite—from your Outlook inbox and Teams chats to everything stored in OneDrive. They walk right in, completely bypassing the need for your password or multi-factor authentication.
According to the FBI, this fresh threat lowers the barrier to entry by allowing novice hackers to easily intercept authorisation codes. The setup relies on AI to craft convincing phishing bait, giving scammers the ability to zero in on specific targets and monitor them as the attack happens.
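Because the victim completes the sign-in on the genuine Microsoft page, the practical place to spot this flow is the tenant's sign-in log. The sketch below is an added example, not taken from the FBI advisory or the original article: it flags completed device code sign-ins that are unusual for an account. The sample records are constructed, the field names are modelled on the Microsoft Entra sign-in log export (an assumption to check against your own export), and `expected_users` is a hypothetical allowlist.

```python
import json

# Constructed sign-in records (not real data). Field names are modelled on the
# Microsoft Entra sign-in log export; that mapping is an assumption to verify.
SAMPLE_LOG = """\
{"createdDateTime":"2026-05-04T08:01:12Z","userPrincipalName":"alice@example.com","ipAddress":"198.51.100.10","authenticationProtocol":"none","status":{"errorCode":0}}
{"createdDateTime":"2026-05-04T08:05:40Z","userPrincipalName":"tv-room@example.com","ipAddress":"198.51.100.20","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2026-05-05T09:14:03Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.77","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2026-05-05T09:30:00Z","userPrincipalName":"bob@example.com","ipAddress":"203.0.113.77","authenticationProtocol":"deviceCode","status":{"errorCode":9999}}
{"createdDateTime":"2026-05-06T07:45:00Z","userPrincipalName":"tv-room@example.com","ipAddress":"198.51.100.20","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2026-05-06T10:00:00Z","userPrincipalName":"tv-room@example.com","ipAddress":"203.0.113.77","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
"""


def flag_device_code_signins(log_text, expected_users=frozenset()):
    """Return (time, user, ip, reason) for completed device code sign-ins
    that are unusual for the account. expected_users is a hypothetical
    allowlist of accounts that legitimately use the flow (kiosks, CLI hosts)."""
    baseline = {}  # user -> source IPs of earlier accepted device code sign-ins
    findings = []
    events = [json.loads(l) for l in log_text.splitlines() if l.strip()]
    for ev in sorted(events, key=lambda e: e["createdDateTime"]):
        if ev.get("authenticationProtocol") != "deviceCode":
            continue
        if ev.get("status", {}).get("errorCode") != 0:
            continue  # flow did not complete, so this sign-in issued no tokens
        user, ip = ev["userPrincipalName"].lower(), ev["ipAddress"]
        known = baseline.setdefault(user, set())
        if user not in expected_users:
            reason = "account not expected to use device code flow"
        elif known and ip not in known:
            reason = "expected account, but new source IP"
        else:
            known.add(ip)  # first use by an expected account sets its baseline
            continue
        findings.append((ev["createdDateTime"], user, ip, reason))
    return findings


if __name__ == "__main__":
    for finding in flag_device_code_signins(SAMPLE_LOG, {"tv-room@example.com"}):
        print(*finding, sep="  ")
```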
To shield your system from a Kali365 intrusion, the FBI suggests implementing the following safeguards:
A Microsoft spokesperson told Nexstar that the company supports the FBI's recommendations and highlighted a few extra steps you can take to stay safe:
If anyone has fallen victim to this Kali365 scam, the FBI advises lodging a report directly with the Internet Crime Complaint Center (IC3) at www.ic3.gov. To help investigators piece the puzzle together, it is essential to hand over any digital evidence available, including:
Source: International Business Times UK