Cyber attackers are hijacking Microsoft Outlook, Teams and 365 log-ins, FBI says

(NEXSTAR) – A new phishing tool is allowing cyber attackers to get access to Microsoft 365 users’ accounts without even needing to know your password, the FBI said in a warning issued to the public on Thursday.

The phishing platform, called Kali365, was first seen in April, according to the FBI. It’s primarily distributed through the messaging app Telegram and allows cyber attackers to bypass multi-factor authentication.

The scam starts with a lure, typically a phishing email impersonating a trusted source like a document sharing service. “This phishing email contains a device code with instructions to visit a legitimate Microsoft verification page and enter the code,” the FBI warns.

Once you navigate to the real Microsoft page and paste in the code, you’d be unwittingly authorizing the attacker to access your account. From there, they........

© The Hill