Cyberattackers send phishing emails purporting to be a reputable cloud or document-sharing service. The emails contain codes and instructions for visiting a real Microsoft verification page where the code is then entered. When the victim inputs the device code, they are unwittingly authorizing the cyberattacker’s device to access their account. Once a cyberattacker has successfully pulled off the phishing scam, they have access to the victim’s Microsoft services including Outlook email, Teams and OneDrive cloud service.The cybersecurity threat stems from the platform Kali365 which the FBI describes as a Phishing-as-a-Service platform. Kali365 has been mainly distributed on Telegram and enables hackers to bypass multi-factor authentication without the need for a user’s log-in credentials.What is the importance of phishing as a service ?
