**TOP 5 THINGS YOU NEED TO KNOW ABOUT THE FBI’S NEW ALERT ON MICROSOFT ONEDRIVE**
🚨 **1. It’s a “Living off the Land” Attack**
Hackers aren’t using malware—they’re abusing **legitimate OneDrive features** (like file syncing and sharing) to blend in with normal traffic. The FBI says this makes detection nearly impossible for standard antivirus.
🕵️ **2. The “Phantom Invoice” Trick**
Attackers send fake OneDrive share notifications that look like an overdue invoice from a known vendor. The email contains a **legitimate OneDrive link**—once clicked, it asks you to re-authenticate, handing over your credentials.
⚡ **3. Targets Are High-Value (And You Might Be One)**
The alert specifically warns that **executives, finance teams, and IT admins** are being hit. The goal isn’t just data theft—it’s to use your compromised account to launch deeper attacks inside your company’s network.
🛡️ **4. Multi-Factor Authentication (MFA) Is Not Enough**
Even with MFA, hackers are using **OAuth “consent phishing”**—when you approve a fake app’s request to access your OneDrive, they bypass your MFA entirely. The FBI advises auditing all connected apps immediately.
📢 **5. The FBI’s #1 Action for You**
Do not click “Open” on any OneDrive file you weren’t expecting. Instead, **check the file’s “info” icon in OneDrive** first—if the sender name doesn’t match the email address, it’s a trap. Report it to your security team or the IC3.