Voz media US Voz.us

FBI warns of new phishing attack that steals Outlook, Teams and OneDrive accounts without passwords: we explain it to you

The agency has issued an urgent alert to millions of Outlook, Teams and OneDrive users. A sophisticated new attack called Kali365 allows cybercriminals to access your Microsoft 365 accounts without stealing your password or getting past two-factor authentication (MFA).

The FBI shield. File image: AFP.

Published by Carlos Dominguez

The FBI has issued an alert about a new threat that puts millions of Microsoft 365 accounts at risk. The federal agency issued an urgent warning on May 21, 2026 about Kali365, a Phishing-as-a-Service (PhaaS) offering that allows cybercriminals to access Outlook, Teams and OneDrive accounts without stealing passwords or defeating two-factor authentication (MFA).

What is Kali365 and why is it so dangerous?

Kali365 is a phishing platform sold on a subscription basis (approximately $250 per month) primarily on Telegram. It was first detected in April 2026 and has quickly gained popularity among cybercriminals, even those with little technical expertise.

Unlike traditional phishing attacks, Kali365 does not attempt to steal your password. Instead, it uses a technique called "device code phishing" that exploits Microsoft's legitimate authentication flow.

Here's how the attack works, step by step:

  1. You receive an email that looks legitimate (e.g. "Your colleague shared a document on OneDrive" or "Check this important file").
  2. The message takes you to the official Microsoft page.
  3. You are prompted to enter a device code.
  4. By entering the code, you are unknowingly authorizing an application controlled by the attacker.
  5. The attacker obtains OAuth tokens (access tokens) that give them persistent access to your account.

Once inside, the attacker can read emails in Outlook, download files from OneDrive, join chats in Teams and move around freely without being asked for MFA again.

Who is at risk?

  • Individual users with personal or work Microsoft 365 accounts.
  • Companies of any size using Outlook, Teams and OneDrive.
  • Organizations that rely solely on traditional multi-factor authentication.

According to the FBI, this type of attack allows persistent access that can be used for data theft, corporate espionage, extortion or as a gateway for ransomware.

Official FBI recommendations to protect yourself

The FBI recommends the following immediate steps:

  • Always verify senders and don't enter device codes if you receive unexpected requests.
  • Use Conditional Access Policies (in enterprise environments) to restrict access by location, device or risk.
  • Regularly review apps with permissions on your Microsoft account (myapps.microsoft.com).
  • Review suspicious tokens immediately.
  • Turn on sign-in alerts in Microsoft 365.
  • Train your team to recognize this new type of phishing.
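
As an added illustration (not part of the FBI alert or this article), the following Python snippet shows how a defender could triage Entra ID sign-in records for device code authentications, the flow that Kali365 abuses, and rate each one by whether the app and the sign-in country are expected. The record fields (authenticationProtocol, appDisplayName, location.countryOrRegion, status.errorCode) follow the Microsoft Graph signIn shape; the sample records, the expected-country set and the app allowlist are constructed for this example.

```python
import json

# Constructed sample sign-in records (JSON lines) in the shape of Microsoft Graph
# signIn objects; only the fields used below are included, and all values are made up.
SAMPLE_SIGNINS = """\
{"createdDateTime": "2026-05-20T09:12:03Z", "userPrincipalName": "alice@example.com", "authenticationProtocol": "oAuth2", "appDisplayName": "Microsoft Teams", "ipAddress": "203.0.113.10", "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}}
{"createdDateTime": "2026-05-20T09:15:41Z", "userPrincipalName": "alice@example.com", "authenticationProtocol": "deviceCode", "appDisplayName": "Microsoft Office", "ipAddress": "198.51.100.7", "location": {"countryOrRegion": "NL"}, "status": {"errorCode": 0}}
{"createdDateTime": "2026-05-20T09:40:00Z", "userPrincipalName": "bob@example.com", "authenticationProtocol": "deviceCode", "appDisplayName": "Microsoft Azure CLI", "ipAddress": "203.0.113.22", "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}}
{"createdDateTime": "2026-05-20T10:02:17Z", "userPrincipalName": "carol@example.com", "authenticationProtocol": "deviceCode", "appDisplayName": "Microsoft Office", "ipAddress": "192.0.2.55", "location": {"countryOrRegion": "BR"}, "status": {"errorCode": 50199}}
"""

# Where this organisation's users normally sign in from, and the apps for which a
# device code sign-in is expected (e.g. CLI tools on headless hosts). Assumed values.
EXPECTED_COUNTRIES = {"US"}
DEVICE_CODE_ALLOWLIST = {"Microsoft Azure CLI"}

def parse_signins(text):
    """Parse JSON-lines sign-in records into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def flag_device_code_signins(signins, expected_countries=EXPECTED_COUNTRIES,
                             allowlist=DEVICE_CODE_ALLOWLIST):
    """Return one finding per successful device code sign-in, rated by risk indicators."""
    findings = []
    for s in signins:
        if s.get("authenticationProtocol") != "deviceCode":
            continue  # password / OAuth2 redirect sign-ins are not what this check covers
        if s.get("status", {}).get("errorCode", 0) != 0:
            continue  # a non-zero errorCode means the sign-in did not complete
        app = s.get("appDisplayName", "")
        country = s.get("location", {}).get("countryOrRegion")
        reasons = []
        if app not in allowlist:
            reasons.append(f"device code flow used for non-allowlisted app '{app}'")
        if country not in expected_countries:
            reasons.append(f"sign-in from unexpected country '{country}'")
        severity = {0: "low", 1: "medium", 2: "high"}[len(reasons)]
        findings.append({"user": s["userPrincipalName"], "time": s["createdDateTime"],
                         "ip": s.get("ipAddress"), "app": app,
                         "severity": severity, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in flag_device_code_signins(parse_signins(SAMPLE_SIGNINS)):
        print(f"[{f['severity'].upper()}] {f['time']} {f['user']} via {f['app']} from {f['ip']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Even a low-severity finding is worth a look, since every successful device code sign-in represents an app that now holds tokens for that user; high-severity ones are candidates for revoking the app's permissions and the user's sessions.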

What to do if you think you were a victim?

  • Change your master password immediately.
  • Check connected applications and revoke unknown logins.
  • Report the incident on IC3.gov.
  • Notify your IT department if it is a corporate account.