**Top 5 Things You Need to Know About This FBI Alert on Outlook & OneDrive**
🚨 **The Threat is "Living off the Land"**
Hackers are not using complex malware. They are exploiting legitimate Microsoft features (PowerShell, macros, and *OneDrive sync*) to steal credentials. Because the tools are native, antivirus often mistakes the attack for normal user behavior.
🌩️ **OneDrive is the New "Drop Zone"**
Once a hacker compromises a single account, they abuse the *OneDrive connector feature* to secretly sync stolen files from your PC directly to their own cloud. You won’t see a weird file download—you’ll just see your data disappear into a folder you don’t own.
📎 **That "Signed" PDF Could Cost You Everything**
The attack begins with a malicious link inside a *OneDrive shared PDF*. When you click it, it redirects through legitimate Office 365 login pages to steal 2FA tokens in real time (adversary-in-the-middle attack). If you typed your password, the clock is ticking.
📧 **Your Trust is the Exploit**
The FBI warns these emails are sent from *compromised professional contacts* (vendors, HR, legal teams). Because the email comes from a real person at a real company, your brain bypasses the security filter. You think: *"Oh, that's just Bob's file."*
❗ **What to Do Right Now**
- **Kill the Sync:** Go to OneDrive Settings > Account > Unlink this PC.
- **Enable "Number Matching" in MFA:** This stops adversary-in-the-middle attacks.
- **Inspect the Link:** Hover over any OneDrive share link. If it contains “sharepoint.com” but shows a non-Microsoft PDF preview, **do not click.**
🛡️ **Bottom Line:** If you get a sudden OneDrive share request from a colleague you