Plenty of COVID-19 themed phishing emails have been observed since the outbreak started. A specific campaign claiming that an employee tested positive for the virus and updated guidelines are being provided to prevent further infections. The email bodies vary slightly but the subject lines have the same pattern and all have HTML files attached. Opening the HTML file displays a blurred document overlaid with a Microsoft login box in the browser. The blurred decoy document contains COVID-19 related information, increasing its perceived legitimacy. Attempting to login leads to the exfiltration of the provided credentials to a remote URL. The researchers note that the style sheets for the HTML file are hosted on a compromised site and the blurred background image is hosted on a legitimate image hosting site.