**FOR IMMEDIATE RELEASE**
**CEO ALERT: FBI Warning on Microsoft 365 Phishing Campaign—Action Required**
---
**EXECUTIVE SNAPSHOT**
The FBI has issued a critical alert warning of a sophisticated phishing campaign that abuses OneDrive sharing and Outlook integration and is currently active against enterprises. Attackers defeat multi-factor authentication (MFA) not by breaking it but by relaying legitimate Microsoft 365 sign-in workflows through infrastructure they control and capturing the resulting session tokens.
**The Attack Vector (72-hour window to audit)**
Threat actors use compromised accounts at trusted partner organizations to send internal-looking emails that carry a Microsoft OneDrive "Share" notification which appears valid. Opening the share redirects the user to a counterfeit Azure AD (now Microsoft Entra ID) sign-in page. That page proxies the user's credentials to Microsoft in real time (an adversary-in-the-middle phishing setup), so the MFA prompt the user completes is genuine; the attacker captures the session token issued after that prompt and replays it to sign in as the user. The stolen token grants authenticated access without the password and without a second MFA challenge, and it keeps working until it expires or is explicitly revoked, which is why these actors move to privilege escalation within hours rather than waiting for a password reset to catch them.
**Immediate Business Impact**
- **Privilege escalation:** Hijacked session tokens allow lateral movement within hours of the initial click.
- **Data exfiltration:** Primary targets appear to be finance and legal departments handling M&A documents.
- **Reputational risk:** Victims include multiple Fortune 500 firms in legal discovery windows.
**CEO-Level Action Items**
(1) **Restrict external file sharing** in OneDrive and SharePoint at the tenant level so that files and folders cannot be shared with external domains in one click, effective 6:00 AM EST today. Shares already accepted from partner domains should be reviewed, not assumed safe, because the lure in this campaign arrives from partner accounts that are themselves compromised.
(2) **Enforce phishing-resistant, hardware-based MFA (FIDO2 keys)** for all users with access to finance, legal, or client-facing data. FIDO2 credentials are bound to the legitimate sign-in origin, so a counterfeit login page cannot complete the challenge or harvest a reusable token; this is the control that closes the attack path rather than merely slowing it.
(3) **Revoke sessions and tokens immediately** for any account with a successful sign-in from an unrecognized IP address in the last 14 days, and reset the password at the same time. Revocation invalidates refresh tokens and browser sessions; access tokens already issued remain usable until they expire (typically up to an hour), so treat revoked accounts as still at risk for that window and watch them.
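The three action items above, carried out with the SharePoint Online and Microsoft Graph PowerShell modules. This is an added example for this alert, not code published by the FBI or Microsoft; it assumes the `Microsoft.Online.SharePoint.PowerShell` and `Microsoft.Graph` modules are installed, that the operator holds the admin roles and Graph scopes named in the script, that the tenant has an Entra ID P1 or P2 license (required to read sign-in logs through the Graph API), and that the tenant name, the finance/legal group object ID and the `$KnownEgressIps` allowlist are placeholders the reader replaces with their own values.

```powershell
# Added example: implements CEO action items (1), (2) and (3) for Microsoft 365.
# Not from the original alert. Assumptions are marked as placeholders below.

# --- (1) Restrict external sharing tenant-wide for OneDrive and SharePoint -------------
# "ExistingExternalUserSharingOnly" keeps already-invited guests working; use
# "Disabled" to cut all external sharing. Both are documented Set-SPOTenant values.
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"        # placeholder tenant
Set-SPOTenant -SharingCapability ExistingExternalUserSharingOnly

# --- (2) Require phishing-resistant MFA (FIDO2 / certificate / Windows Hello) ----------
# Uses a Conditional Access policy with the built-in "Phishing-resistant MFA"
# authentication strength. Created in report-only mode first so the sign-in impact
# can be reviewed before enforcement.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess",
                        "AuditLog.Read.All",
                        "User.ReadWrite.All"

$FinanceLegalGroupId = "00000000-0000-0000-0000-000000000000"   # placeholder: object ID of the target group
$PhishingResistantStrengthId = "00000000-0000-0000-0000-000000000004"  # built-in strength ID

$policy = @{
    displayName = "Require phishing-resistant MFA for finance and legal"
    state       = "enabledForReportingButNotEnforced"   # switch to "enabled" after review
    conditions  = @{
        users        = @{ includeGroups = @($FinanceLegalGroupId) }
        applications = @{ includeApplications = @("All") }
    }
    grantControls = @{
        operator               = "OR"
        authenticationStrength = @{ id = $PhishingResistantStrengthId }
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# --- (3) Find accounts with successful sign-ins from unrecognized IPs, revoke sessions --
# Placeholder allowlist: replace with the organization's own egress / VPN ranges.
$KnownEgressIps = @("203.0.113.10", "203.0.113.11", "198.51.100.25")

$since  = (Get-Date).ToUniversalTime().AddDays(-14).ToString("yyyy-MM-ddTHH:mm:ssZ")
$filter = "createdDateTime ge $since and status/errorCode eq 0"   # successful sign-ins only

$signIns  = Get-MgAuditLogSignIn -Filter $filter -All
$suspects = $signIns |
    Where-Object { $KnownEgressIps -notcontains $_.IpAddress } |
    Select-Object UserPrincipalName, IpAddress, CreatedDateTime, AppDisplayName

# Review before acting: one line per suspicious sign-in.
$suspects | Sort-Object UserPrincipalName, CreatedDateTime | Format-Table -AutoSize

# Revoke refresh tokens and browser sessions for every affected account. Access tokens
# already issued stay valid until expiry (up to ~1 hour), so also reset the password
# and monitor these users for that window.
$suspects.UserPrincipalName | Sort-Object -Unique | ForEach-Object {
    Revoke-MgUserSignInSession -UserId $_
    Write-Host "Revoked sessions for $_"
}
```

The IP allowlist is a blunt first pass; a tenant that already maps sign-ins to named locations in Conditional Access should filter on those instead, and accounts that legitimately travel will appear in the suspect list and need a human decision before revocation. Keep the Conditional Access policy in report-only mode only long enough to confirm the group can enroll FIDO2 keys, then set it to enabled.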
**Cost of Inaction**
Average breach cost has risen to $4.88M per incident, and this attack vector compresses the window for detection from days to hours: a stolen session token is used immediately, not after a password is cracked.
**Call to Action**
Instruct your CISO to implement restrictions on external file sharing within OneDrive and Outlook by the close of business today. Failure to do so may expose privileged communications, including pending board materials, to active