Welcome to PhishQueue Phishing News, your monthly update on staying ahead of phishing threats.
The FBI is warning about a new phishing service called Kali365 that targets Microsoft 365 accounts. This scam is dangerous because it can help attackers get into an account even when multi-factor authentication is enabled.
Instead of only stealing a password, the attack tricks users into granting access through what appears to be a legitimate Microsoft sign-in process. Once attackers gain access, they may be able to read emails, access files, and use the account to send additional phishing messages.
Source: ic3.gov
Your most effective move is not to guess.
If something feels even slightly wrong, submit the message to PhishQueue. PhishQueue will analyze the message for you and tell you if it is safe or malicious, with no risk to you.
Submitting suspicious emails to PhishQueue helps protect you and prevents scams from spreading to others.
Anatomy of a Microsoft 365 Phishing-as-a-Service Kit: Microsoft explains how Kali365 bypasses MFA by stealing authentication tokens, enabling persistent access to Microsoft 365 accounts for fraud and financial theft. (SpyCloud)
BleepingComputer Coverage: Security researchers reported that Kali365 is being used to target Microsoft 365 accounts and steal access tokens. (BleepingComputer)
Malwarebytes Analysis: Malwarebytes explains how Kali365 tricks users into entering a short code on a legitimate Microsoft page, allowing attackers to gain access without directly stealing a password. (Malwarebytes)
Multi-factor authentication is important, but phishing attacks continue to evolve.
Stay safe with PhishQueue.
Why did the hacker send a phishing email instead of getting a real job?
Because phishing looked like less work and better odds.
Cybersecurity is serious, but staying informed does not have to be dull!
Stay vigilant,
PhishQueue Team