The FBI Just Issued A Warning About A New Microsoft 365 Phishing Kit. Is Your Business Protected?

If your business runs on Microsoft 365, you need to read this.

On May 21, 2026, the FBI issued a Public Service Announcement warning businesses about a dangerous new Phishing-as-a-Service platform called Kali365. It’s been circulating since April 2026 and it’s already targeting businesses just like yours.

This isn’t a run-of-the-mill phishing scam. Kali365 is sophisticated, accessible to low-skill attackers, and designed specifically to bypass Microsoft 365’s multi-factor authentication (MFA) — the very security measure most businesses rely on to stay protected.

What Makes Kali365 So Dangerous

Most phishing attacks try to steal your password. Kali365 doesn’t need your password.

Instead, it captures your OAuth access tokens — the digital keys that keep you logged into Microsoft 365 apps like Outlook, Teams, and OneDrive. Once an attacker has your token, they have persistent access to your account without ever needing your credentials or completing an MFA challenge.

Here’s how the attack works:

  1. The Lure — You receive a phishing email impersonating a trusted cloud service like Microsoft. The email contains a device code and directs you to a legitimate-looking Microsoft verification page.
  2. Authorization — You enter the device code on what appears to be a real Microsoft page, unknowingly authorizing the attacker’s device to access your account.
  3. Token Theft — The attacker captures your OAuth access and refresh tokens, granting them full access to your Microsoft 365 environment.
  4. Persistence — The attacker now has ongoing access to your Outlook, Teams, OneDrive, and more — no password, no MFA required.

What makes this even more alarming: Kali365 is sold as a subscription service on Telegram. That means anyone can buy access to this tool and launch a sophisticated attack against your business with minimal technical knowledge.

What You Need To Do Right Now

The FBI recommends taking these steps immediately:

  • Block device code flow by creating a conditional access policy in Microsoft 365 for all users, with limited exceptions for required business processes
  • Audit existing device code flow usage to identify legitimate dependencies before making changes
  • Block authentication transfer policies to prevent users from transferring authentication from computers to mobile devices
  • Exclude emergency access accounts from restrictions to prevent lockouts
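The audit and block steps above can be sketched as follows. This is an added example, not code from the FBI announcement or from Tech365. It assumes sign-in logs exported as JSON with the Microsoft Graph `signIn` field names, including `authenticationProtocol`. The sample records, account names and object IDs are constructed placeholders, and the policy body is built for the Graph `POST /identity/conditionalAccess/policies` endpoint in report-only state.

```python
from collections import Counter

# Constructed sample records, trimmed to the fields used here. Field names follow
# the Microsoft Graph signIn resource; authenticationProtocol is assumed to be
# present in the export. Any non-zero errorCode marks a failed sign-in.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "room-hub@contoso.example", "appDisplayName": "Teams Rooms",
     "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}},
    {"userPrincipalName": "room-hub@contoso.example", "appDisplayName": "Teams Rooms",
     "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}},
    {"userPrincipalName": "dev@contoso.example", "appDisplayName": "Azure CLI",
     "authenticationProtocol": "deviceCode", "status": {"errorCode": 99999}},
    {"userPrincipalName": "amy@contoso.example", "appDisplayName": "Outlook",
     "authenticationProtocol": "none", "status": {"errorCode": 0}},
]


def device_code_usage(signins):
    """Count successful device code sign-ins per (user, app): the dependencies to review."""
    return Counter(
        (s["userPrincipalName"], s["appDisplayName"])
        for s in signins
        if s.get("authenticationProtocol") == "deviceCode"
        and s.get("status", {}).get("errorCode") == 0
    )


def build_block_policy(break_glass_ids, approved_ids=()):
    """Conditional Access policy body that blocks device code flow and auth transfer."""
    if not break_glass_ids:
        # Refuse to build a tenant-wide block with no emergency access exclusion.
        raise ValueError("exclude at least one emergency access account")
    return {
        "displayName": "Block device code flow and authentication transfer",
        # Report-only first, so policy impact can be compared with the audit.
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "clientAppTypes": ["all"],
            "applications": {"includeApplications": ["All"]},
            "users": {"includeUsers": ["All"],
                      "excludeUsers": sorted({*break_glass_ids, *approved_ids})},
            "authenticationFlows": {"transferMethods": "deviceCodeFlow,authenticationTransfer"},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


if __name__ == "__main__":
    import json
    for (user, app), n in device_code_usage(SAMPLE_SIGNINS).most_common():
        print(f"{n:3d}  {user}  {app}")
    # Placeholder object ID, not a real account.
    print(json.dumps(build_block_policy(["00000000-0000-0000-0000-00000000b9a1"]), indent=2))
```

Accounts that show up in the audit and have a confirmed business need go in `approved_ids` (a hypothetical parameter name); everything else stays covered by the block once the policy state is changed to `enabled`.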

If you or your organization has already been impacted, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

Don't Wait Until It's Too Late

The businesses that get hit hardest are the ones that assumed their current security setup was enough. MFA alone is no longer sufficient protection against attacks like Kali365.

At Tech365, we proactively monitor for emerging threats and make sure your Microsoft 365 environment is configured to defend against the latest attack methods — including this one.

Don’t wait for a breach to find out you were vulnerable. Book a complimentary consultation today and let’s make sure your business is protected.


Source: FBI Public Service Announcement I-052126-PSA, May 21, 2026
