FBI warns Microsoft 365 users about Kali365 AI phishing scam
Heads up, there is a new phishing scam in town called Kali365, and the FBI says it is going after Microsoft 365 users.
Spotted in April 2026 and shared on Telegram, this platform lets attackers send AI-generated fake emails that look legitimate.
If you enter a device code on the real Microsoft login page (like they ask), you could unknowingly give hackers access to your Outlook, Teams, or OneDrive (without a password or multi-factor authentication).
FBI urges disabling device code logins
The FBI recommends turning off device-code logins and using stricter access rules if you are managing accounts.
If anything seems off, like weird emails or unexpected logins, report it to the Internet Crime Complaint Center (IC3) at www.ic3.gov.
Since Kali365 can sneak past multi-factor authentication, staying alert is more important than ever.