**🔴 FBI ALERT: Top 5 Things You Need to Know About the Outlook & OneDrive Threat**
Here is what the FBI is warning everyone about right now.
- **🚨 Nationwide "Phishing-as-a-Service" Attack:** The FBI has issued an urgent alert about a sophisticated cybercrime operation targeting Microsoft **Outlook** and **OneDrive** users. Hackers are using a "Phishing-as-a-Service" platform, making it dangerously easy for even amateur criminals to steal your credentials.
- **🎣 The "Info-Stealer" Trap:** The attack uses a two-step trick. You get a legitimate-looking email alerting you to a fake "sharing request" in OneDrive or a "security warning" in Outlook. When you click, it doesn’t just ask for your password—it deploys an "Info-Stealer" that scrapes your saved passwords, cookies, and crypto wallets.
- **🔐 Your MFA Is Being Bypassed:** This is the scariest part. The malware uses a technique called "cookie theft" to steal your active session tokens. Even if you have **Multi-Factor Authentication (MFA)** turned on, the attacker can skip the login step entirely and access your account in real-time.
- **💼 Business & SMBs Are Primary Targets:** The FBI notes that small-to-medium businesses are being hit the hardest because they often lack dedicated IT security. The attack is designed to silently scrape **corporate OneDrive files**, gaining access to client contracts, payroll data, and internal emails for ransom or identity theft.
- **🛡️ Immediate Action Required:** Do NOT click any links in unsolicited emails claiming to be from "Microsoft Support" or "OneDrive File Center." Instead, go directly to **portal.office.com** to verify. The FBI also recommends using a FIDO2 security key (hardware token) for MFA, as it