A warning of a new phishing scam that allows cyber attackers to gain access to Microsoft 365 users’ accounts has been issued by the FBI.

The FBI issued a public warning called Kali365 that first appeared in April, where attackers can access your Microsoft 365 user accounts without needing to know your password.

According to the FBI, it is distributed through the messaging app Telegram, which allows attackers to bypass multi-factor authentication.

Len Gonzales is a cybersecurity expert with Ally Cyber Investigations.

“It’s just a matter of it looking real enough to entice you to click on something to enter information. Once that happens, you’re the next victim,” said Gozales.

To avoid being the next victim, cybersecurity expert Gonzales says, don’t be a clicker.

“Don’t be that person that just clicks, clicks, clicks, clicks away and then on the back end then just sits there and has to explain why you’ve just compromised a complete computer network because you’re clicking away,” said Gonzales.

On the alert, the FBI offers tips on how to avoid being scammed by restricting device code flow to limit or block device authorization codes that can help prevent or limit this style of attack.