The FBI is warning that a new hacking platform is allowing cybercriminals to hijack Microsoft 365 accounts — including Outlook, Teams and OneDrive — while bypassing multi-factor authentication entirely.

As graduation ceremonies and summer parties fill calendars across the US, scammers are exploiting the excitement with a new phishing scam disguised as digital invitations. The warning comes after the US Federal Trade Commission (FTC) received reports of fake messages pretending to come from popular invitation services such as Evite and Paperless

Customer data from more than 350 hotels around the world may have been accessed as part of realistic reservation-hijacking scams.

Phishing scams have always tried to trick you into clicking malicious links, often relying on scare tactics — fake bank alerts, IRS threats, parking tickets, the works. The new playbook is a little more devious: They're targeting your FOMO instead.

The FBI warned on May 21 that cybercriminals are increasingly targeting Microsoft 365 users with sophisticated phishing scams. The scam uses a tool called “Kali365” to steal account access tokens and bypass multi-factor authentication protections.