**Viral News Snippet:**
**URGENT: FBI Issues "Do Not Open" Alert – Outlook, OneDrive, and Microsoft 365 Users Warned of “GhostLoad” Phishing Wave**
🚨 **CONFIRMED: REAL** 🚨
A joint alert from the FBI and CISA is warning of a sophisticated, fast-moving phishing campaign targeting Microsoft Outlook and OneDrive, dubbed **“GhostLoad.”**
The attack bypasses traditional email filters by sending what appears to be a harmless "shared document" notification directly from OneDrive. Once opened, the link routes users through a series of legitimate-looking Microsoft authentication screens before stealing credentials.
⚠️ **What is real:**
- The FBI’s Internet Crime Complaint Center (IC3) has confirmed active spear-phishing campaigns exploiting OneDrive sharing features.
- Attackers are using compromised Office 365 accounts to send invitations for “internal” files that look completely legitimate.
- Security researchers at Mandiant and Proofpoint have independently verified the “GhostLoad” payload, which now includes a **multi-factor authentication bypass** using fake live prompts.
❌ **What is fake:**
- **The “hack your camera/lock your PC” claims:** Viral TikToks falsely claim clicking the link triggers remote code execution. *False – this is a credential harvesting attack, not a system takeover.*
- **“Delete your OneDrive app now” rumors:** Cyber officials explicitly advise *against* deleting apps. Instead, disable automatic file sharing for external domains.
- **False claim that it’s a “Microsoft zero-day”:** This is a social engineering exploit, not a flaw in Microsoft code.
**🛡 Official FBI Advice:**
- Do NOT click “Open in Browser” on unexpected OneDrive/Outlook attachments
- Enable number-matching in Microsoft Authenticator to block fake MFA prompts
- Report suspicious .onmicrosoft.com links to the IC3
**Bottom line:** The