The Federal Bureau of Investigation issued a public warning Thursday about a new phishing tool that enables cybercriminals to access Microsoft 365 user accounts without needing to steal passwords.

The sophisticated attack method specifically targets Microsoft Outlook, Teams, and other Office 365 services, representing an escalation in cybercriminal capabilities against widely-used business and personal productivity platforms.

According to the FBI warning, the new phishing technique bypasses traditional password-based security measures, though the bureau did not provide specific technical details about how the attacks are executed or the scale of affected users.

Microsoft 365 services are used by hundreds of millions of users worldwide across corporate, educational, and personal environments, making them attractive targets for cybercriminals seeking access to sensitive communications and data.

The warning comes as cybersecurity experts have documented increasing sophistication in phishing attacks, with criminals developing tools that can circumvent multi-factor authentication and other security measures previously considered reliable protection against unauthorized access.

Federal authorities typically issue such public warnings when they identify significant threats that pose widespread risk to users, though the FBI has not disclosed whether any major breaches have already occurred using this particular method.