Kali365 Phishing Scam Targets Microsoft 365 Users

June 28, 2026

Welcome to PhishQueue Phishing News, your monthly update on staying ahead of phishing threats.

The FBI is warning about a new phishing service called Kali365 that targets Microsoft 365 accounts. This scam is dangerous because it can help attackers get into an account even when multi-factor authentication is enabled.

Instead of only stealing a password, the attack tricks users into granting access through what appears to be a legitimate Microsoft sign-in process. Once attackers gain access, they may be able to read emails, access files, and use the account to send additional phishing messages.

How It Works

  • You receive an email or message related to Microsoft 365.
  • The message claims you need to sign in, verify access, or complete a security step.
  • You are directed through what appears to be a normal Microsoft sign-in process.
  • The attacker captures a temporary access token instead of just your password.
  • That token can allow the attacker to access your Microsoft 365 account.

Why It Is Dangerous

  • It can bypass multi-factor authentication.
  • The sign-in process looks legitimate because it uses real Microsoft pages.
  • Attackers may gain access to Outlook, Teams, OneDrive, and other Microsoft services.
  • Once inside, attackers can send phishing messages from your account to coworkers and contacts.

Source: ic3.gov

Your Best Defense

Your most effective move is not to guess.

If something feels even slightly wrong, submit the message to PhishQueue. PhishQueue will analyze the message for you and tell you if it is safe or malicious, with no risk to you.

What You Can Do Now

  • Be cautious of unexpected Microsoft 365 sign-in requests.
  • Do not approve login prompts unless you initiated the request.
  • Watch for messages that pressure you to verify your account immediately.
  • Always use the PhishQueue “Report Phish” button when you are unsure.

Submitting suspicious emails to PhishQueue helps protect you and prevents scams from spreading to others.

Real-World Example

Anatomy of a Microsoft 365 Phishing-as-a-Service Kit: Microsoft explains how Kali365 bypasses MFA by stealing authentication tokens, enabling persistent access to Microsoft 365 accounts for fraud and financial theft. (SpyCloud)

BleepingComputer Coverage: Security researchers reported that Kali365 is being used to target Microsoft 365 accounts and steal access tokens. (BleepingComputer)

Malwarebytes Analysis: Malwarebytes explains how Kali365 tricks users into entering a short code on a legitimate Microsoft page, allowing attackers to gain access without directly stealing a password. (Malwarebytes)

The Bottom Line

Multi-factor authentication is important, but phishing attacks continue to evolve.
Stay safe with PhishQueue.

Quick Tips to Stay Safe

  • Pause before approving any unexpected Microsoft 365 sign-in request.
  • Do not enter codes or approve prompts unless you started the login process.
  • Treat urgent account verification messages with caution.
  • Report suspicious messages to PhishQueue instead of trying to determine whether they are legitimate yourself.

Phishing Joke of the Month

Why did the hacker send a phishing email instead of getting a real job?

Because phishing looked like less work and better odds.

Cybersecurity is serious, but staying informed does not have to be dull!

Stay vigilant,
PhishQueue Team