GoKawiilA fast-spreading cyberattack kit called ‘Kali365’ allows low-skill scammers to hijack a user’s account without ever stealing their password. The security measure millions rely on to protect their accounts may not be as foolproof as they think.The Federal Bureau of Investigation is warning the public about a fast-spreading scam targeting users of popular Microsoft 365 products, including Outlook, Teams, and OneDrive. The scheme allows cybercriminals to capture Microsoft authentication tokens, bypassing multifactor authentication without needing a user’s password.
The FBI just issued an urgent warning for anyone using Microsoft Teams, Outlook, or OneDrive over a new phishing scheme
Why This Matters
This urgent warning highlights a significant vulnerability in widely used Microsoft 365 services, exposing millions of users to sophisticated phishing attacks that can bypass multi-factor authentication. For the tech industry and consumers, it underscores the importance of staying vigilant and implementing additional security measures to protect sensitive data from emerging cyber threats.
Key Takeaways
- Cybercriminals can hijack accounts without stealing passwords using the Kali365 kit.
- The attack bypasses multi-factor authentication by capturing authentication tokens.
- Users of Microsoft Teams, Outlook, and OneDrive are at increased risk and should review security protocols.
Get alerts for these topics