{"id":115593,"date":"2026-06-16T20:27:08","date_gmt":"2026-06-16T15:27:08","guid":{"rendered":"https:\/\/dailyausaf.com\/en\/?p=115593"},"modified":"2026-06-16T20:27:08","modified_gmt":"2026-06-16T15:27:08","slug":"scam-alert-fbi-issues-warning-for-teams-outlook-onedrive-users","status":"publish","type":"post","link":"https:\/\/dailyausaf.com\/en\/technology\/scam-alert-fbi-issues-warning-for-teams-outlook-onedrive-users\/","title":{"rendered":"Scam Alert: FBI issues warning for Teams, Outlook, OneDrive users"},"content":{"rendered":"<div>A new Microsoft 365 scam on Microsoft Teams, Outlook, and OneDrive is spreading quickly, and the FBI is warning the public about it.<\/div>\n<div class=\"h-2\"><\/div>\n<div>The FBI noted that a hacking platform called Kali365 is being used to steal OAuth device codes from its victims, which grants attackers full access to <a href=\"https:\/\/dailyausaf.com\/en\/technology\/iran-threatens-to-attack-google-microsoft-in-response-to-recent-attacks\/\">Microsoft accounts<\/a> without requiring the username or password. Additionally, no multifactor authentication code is intercepted.<\/div>\n<h2>How the Scam Works<\/h2>\n<div>As outlined by the FBI, attackers send a phishing email that mimics a trusted cloud document-sharing or cloud productivity service. A device code is included within the phishing message, and its recipient is prompted to input it at a Microsoft verification website to log in.<\/div>\n<div><\/div>\n<div>Once the user enters the device code on the malicious page, they unintentionally authorize the attacker\u2019s device to access their Microsoft 365 account.<\/div>\n<div class=\"h-2\"><\/div>\n<div>Attackers can then steal both OAuth access and refresh tokens in order to carry out a full Microsoft 365 account takeover for Outlook, Teams, or OneDrive services.<\/div>\n<div><\/div>\n<div>Kali365, the platform being used, is described by the FBI as a nascent Phishing-as-a-Service tool that offers criminals with weak technical skills a variety of features, including AI-driven phishing lures, automated campaign templates, real-time tracking dashboards, and OAuth token capture functionality.<\/div>\n<div><\/div>\n<div>The FBI detected Kali365 in April and reported it&#8217;s being sold for $250 monthly. The crime is considered concerning because the technique doesn&#8217;t rely on phishing credentials but rather on abusing the device-code authorization method.<\/div>\n<div><\/div>\n<div>The scam bypasses multifactor authentication when the user follows the phishing lure&#8217;s instructions, and their access tokens are captured.<\/div>\n<h2>What to Do if You Are Targeted by This Attack<\/h2>\n<div>The FBI cautions individuals not to open emails with unsolicited instructions or links that prompt users to enter access codes. All phishing emails, suspicious logins, new and unexpected devices, and sessions that have been added to accounts should be reported to the Internet Crime Complaint Center.<\/div>\n<div><\/div>\n<div>Users are advised to provide as many details as possible in their report, such as email headers, messages, the IP addresses of logins, login locations, and times.<\/div>\n<div class=\"h-2\"><\/div>\n<div>Microsoft recommends following the FBI&#8217;s warnings and mentions in its statements that its Digital Crimes Unit has recently disrupted other phishing tools like RaccoonO365 and other do-it-yourself phishing attacks that were designed to steal users&#8217; passwords and data. Microsoft says it&#8217;s continuously working to disrupt account takeover and phishing-as-a-service networks.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A new Microsoft 365 scam on Microsoft Teams, Outlook, and OneDrive is spreading quickly, and the FBI is warning the public about it. 
The FBI noted that a hacking platform called Kali365 is being used to steal OAuth device codes from its victims, which grants attackers full access to Microsoft accounts without requiring the username [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":79942,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,8],"tags":[30338],"class_list":["post-115593","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest-news","category-technology","tag-scam-alert"],"_links":{"self":[{"href":"https:\/\/dailyausaf.com\/en\/wp-json\/wp\/v2\/posts\/115593","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dailyausaf.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dailyausaf.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dailyausaf.com\/en\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/dailyausaf.com\/en\/wp-json\/wp\/v2\/comments?post=115593"}],"version-history":[{"count":2,"href":"https:\/\/dailyausaf.com\/en\/wp-json\/wp\/v2\/posts\/115593\/revisions"}],"predecessor-version":[{"id":115600,"href":"https:\/\/dailyausaf.com\/en\/wp-json\/wp\/v2\/posts\/115593\/revisions\/115600"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dailyausaf.com\/en\/wp-json\/wp\/v2\/media\/79942"}],"wp:attachment":[{"href":"https:\/\/dailyausaf.com\/en\/wp-json\/wp\/v2\/media?parent=115593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dailyausaf.com\/en\/wp-json\/wp\/v2\/categories?post=115593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dailyausaf.com\/en\/wp-json\/wp\/v2\/tags?post=115593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}