Forum Discussion
How should home and small org users address Kali365 Hijacking Microsoft 365 Access Tokens?
How should home and small organization small business users address the recent Federal Bureau of Investigation Public Service Announcement “to warn the public about an emerging Phishing-as-a-Service platform called Kali365, first seen in April 2026”
See Alert Number I-052126-PSA 21 May 2026
1 Reply
Home and small-business users should:
Enable MFA (preferably passkeys or security keys).
Avoid clicking Microsoft 365 login links in emails.
Keep devices and browsers updated.
Regularly review account sign-in activity.
Change passwords and sign out of all sessions if compromise is suspected.
Train users to recognize phishing attempts.
The best defense against Kali365 is preventing phishing attacks from succeeding in the first place.
