Kali365 phishing kit bypasses MFA and steals Microsoft logins

INDIA — By BharatSecure Threat Intelligence Team

Verdict: Suspicious | Risk Score: 9/10 | Severity: critical

Category: phishing

How the Kali365 Phishing Kit Works

A new phishing toolkit, Kali365, is being used by attackers to bypass multi-factor authentication (MFA) and gain persistent access to Microsoft accounts. This allows them to compromise Outlook, Teams, and OneDrive, as warned by the FBI.

How This Scam Works — Detailed Explanation

In recent months, a sophisticated phishing toolkit known as Kali365 has emerged, causing grave concern among users of Microsoft services across India. Scammers use social engineering on popular platforms such as WhatsApp and social media to identify and target their victims. Often, they create fake profiles or accounts that appear trustworthy, promising fictitious rewards or sending urgent messages about account updates. Victims are lured into clicking malicious links that redirect them to counterfeit versions of Microsoft login pages. There, they unknowingly enter their login credentials, which the scammers capture in real time.

Kali365's phishing kit is cunningly designed to bypass Multi-Factor Authentication (MFA), a security feature employed by millions to protect their accounts. Unlike traditional phishing techniques, this toolkit uses advanced methods to simulate the legitimate login process, including OAuth prompts that request MFA codes. Scammers exploit psychological tactics such as urgency and threat—telling victims that their accounts will be suspended if they don’t act immediately or that they need to verify their identity through expensive links sent via WhatsApp. This creates an atmosphere of panic, making users less cautious about the process, ultimately leading to their account compromise.

Once victims are trapped and their login details captured, the scam unfolds systematically. With these credentials, attackers can access victims' Microsoft accounts and take control of services like Outlook, Teams, and OneDrive. For instance, a recent case in Pune saw an individual lose access to important business documents stored on OneDrive, severely impacting their work and causing significant financial losses. As cases emerge, it is evident that the ramifications are profound: compromised accounts can lead to unauthorized financial transactions, especially because many individuals use these same details with banking apps linked through UPI.

The impact of this new phishing tactic is alarming in India, especially amid rising digital transactions where people rely heavily on technology. One report cited losses of over ₹200 crore to phishing scams in the first half of 2023 alone. The Ministry of Home Affairs (MHA) and the Reserve Bank of India (RBI) have issued notices about these increasing cyber threats, prompting citizens to remain vigilant. CERT-In has also released alerts regarding the vulnerability of users to such attempts, especially with critical services becoming the focus of these attacks.

As we navigate our digital lives, spotting this scam amidst legitimate communications is vital. Users should be particularly cautious of poor grammar or unusual URLs that mimic Microsoft’s official domains. Official emails from Microsoft will not demand immediate action or personal information through unverified links. Always cross-check any requests for sensitive details against the official Microsoft site and ensure that all communications are secure before taking any actions based on them.
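The URL check described above can be made precise. The following sketch is an added example, not part of the original advisory or of any BharatSecure tool: it compares a plain substring test for 'microsoft.com' with a check of the parsed hostname. The TRUSTED_DOMAINS allowlist and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example; not an exhaustive list of Microsoft hosts.
TRUSTED_DOMAINS = ("microsoft.com", "microsoftonline.com", "live.com")

# Constructed sample URLs (the .example hosts are placeholders, not real sites).
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "https://account.microsoft.com/",
    "https://microsoft.com.account-verify.example/login",
    "https://account.microsoft.com@signin.example/",
    "https://signin.example/microsoft.com/login",
    "http://account.microsoft.com/",
]


def naive_check(url: str) -> bool:
    """The 'does the URL display microsoft.com' test: a plain substring match."""
    return "microsoft.com" in url.lower()


def strict_check(url: str) -> bool:
    """Accept only HTTPS URLs whose host is a trusted domain or a subdomain of one."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority section
        return False
    if parts.scheme != "https" or not host:
        return False
    # Exact or dot-anchored suffix match: text in the path, in the userinfo
    # part before '@', or in a longer lookalike host name does not count.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def compare(urls):
    """Return (url, naive verdict, strict verdict) for each URL."""
    return [(u, naive_check(u), strict_check(u)) for u in urls]


if __name__ == "__main__":
    for url, naive, strict in compare(SAMPLES):
        print(f"naive={naive!s:5} strict={strict!s:5} {url}")
```

The substring test accepts every lookalike in the sample list and rejects the genuine login.microsoftonline.com sign-in host, while the hostname check accepts only the two HTTPS URLs whose host is on the allowlist.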

Who Does the Kali365 Phishing Kit Target?

General public across India

Red Flags — How to Identify the Kali365 Phishing Kit

  • Kali365
  • phishing kit
  • MFA bypass
  • Microsoft logins
  • Outlook
  • Teams
  • OneDrive
  • FBI warning

What To Do If You Encounter the Kali365 Phishing Kit

  1. Report the phishing attempt immediately by calling the cybercrime helpline at 1930 or visiting cybercrime.gov.in
  2. Change your Microsoft password immediately if you suspect any compromise
  3. Enable MFA on your Microsoft account and other sensitive services to add an extra layer of security
  4. Alert your contacts that they may also be targeted by scams originating from your compromised account
  5. Educate yourself and others about the signs of phishing attacks to reduce vulnerability
  6. Keep your software updated to ensure protection against known vulnerabilities

How to Report the Kali365 Phishing Kit in India

  • Call 1930 — National Cyber Crime Helpline (24x7)
  • File a complaint at cybercrime.gov.in
  • Contact your bank immediately if money was lost
  • Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What should I do if I shared my OTP in a phishing scam?
If you shared your OTP, immediately contact your bank's customer service helpline, such as SBI at 1800-11-1109 or HDFC at 1800-202-6161. Report the incident to 1930 or visit cybercrime.gov.in.

How can I identify the Kali365 phishing kit?
Look for phishing emails that closely mimic legitimate Microsoft communications but may have poor grammar or odd URLs. Any URL that does not clearly display 'microsoft.com' should be treated with suspicion.

How do I report this type of scam in India?
Report phishing attempts to 1930 or visit cybercrime.gov.in. You can also alert your bank if financial information is compromised.

How can I recover my account after falling for this scam?
Immediately reset your password and enable MFA. Also contact your bank if sensitive information was shared, and monitor for unauthorized transactions.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.