FBI warns of Microsoft 365 phishing platform that can expose business data

By AI, Created 3:56 PM UTC, May 29, 2026, /AGP/ – The FBI has warned about Kali365, a phishing-as-a-service platform that can use legitimate Microsoft authentication flows to steal Microsoft 365 access without breaching Microsoft itself. Security experts say the attack shows why businesses need more than software to defend email, files, and communications.

Why it matters: - The FBI warning covers a threat that can expose business email, Teams chats, OneDrive files, SharePoint data, contracts, and other sensitive records stored in Microsoft 365. - A compromised Microsoft 365 account can become a gateway to financial records, customer information, intellectual property, stored passwords, and internal communications. - The attack targets human behavior and trust, not a Microsoft platform breach.

What happened: - The FBI issued a Public Service Announcement about “Kali365,” a phishing-as-a-service platform aimed at Microsoft 365 users. - Kali365 uses legitimate Microsoft authentication processes to trick users into granting access to their accounts. - Once attackers get in, they can view emails, Microsoft Teams conversations, OneDrive files, SharePoint data, business documents, and other information inside a company’s Microsoft environment. - The warning was highlighted for business owners across Georgia and South Carolina.

The details: - Microsoft itself has not been breached. - Attackers are exploiting legitimate authentication workflows and user behavior to obtain access. - Robert Smith, director of cybersecurity and risk management at IntelliSystems, said the incident is “a reminder that modern cybercriminals increasingly target people rather than technology.” - Smith said email is often the entry point that unlocks access to Teams conversations, shared files, cloud storage, and other business data. - Kali365 gives cybercriminals attack tools, automation, phishing templates, and technical support that once required advanced expertise. - Smith said organized criminal groups now provide tools, support, training, and infrastructure to cybercriminals worldwide. - Smith said sophisticated attacks are getting easier to launch as the technical barrier to entry falls. - Smith said businesses need real security programs rather than reliance on technology alone. - IntelliSystems says many organizations mistakenly think buying security software or meeting a compliance requirement makes them secure. - Smith said tools only work when they are properly selected, configured, monitored, maintained, and regularly tested by experienced professionals. - Smith holds CISSP, CISM, CISA, CASP+, and AAISM certifications. - Smith has spent more than 15 years helping organizations identify vulnerabilities, reduce risk, and strengthen defenses. - IntelliSystems says low-cost IT providers can unintentionally create risk when they lack the expertise, staffing, or security resources needed for a mature cybersecurity program. - Smith said cybersecurity providers must design, implement, and maintain a full security program that includes technology, monitoring, employee education, policies, procedures, incident response planning, and continuous improvement. - IntelliSystems was founded in 1993. - IntelliSystems provides managed IT services, cybersecurity, compliance consulting, cloud solutions, business communications, and technology strategy in Georgia and South Carolina. - The company says it supports more than 200 organizations and about 3,000 end users each year across Augusta, Columbia, Greenville, Savannah, and Macon. - IntelliSystems says it is the only company in Georgia and South Carolina holding the GTIA Cybersecurity Trustmark Assured designation. - Fewer than 60 companies worldwide hold that designation. - IntelliSystems says its engineering and cybersecurity teams hold more than 200 technical certifications.

Between the lines: - The warning underscores a shift in cybercrime from technical break-ins to social engineering and identity abuse. - The message from security specialists is that even trusted cloud platforms become high-risk when attackers exploit gaps in process, training, and oversight. - The rise of phishing-as-a-service lowers the skill needed to run advanced attacks, which increases the number of potential attackers.

What’s next: - Businesses using Microsoft 365 are likely to face more attempts that mimic legitimate sign-in flows. - Security teams will need tighter monitoring, stronger user training, and more rigorous incident response planning to limit damage. - Organizations that rely on outsourced IT will need to judge whether their providers can build and maintain a full cybersecurity program, not just install tools.

The bottom line: - The FBI warning is less about a Microsoft failure than a broader reality: attackers are winning when organizations leave people, process, and identity controls weak.