Area 1 Security researchers have identified a Microsoft SharePoint phishing campaign that leverages new COVID-19 restrictions to steal victims' login information. The attacker targets upper-level management and executives, using Virtual Private Servers (VPS) to send the phishing messages. The malicious links direct users to spoofed Microsoft login pages hosted on various cloud computing platforms. This campaign is difficult to detect due to its use of VPS and leading email service providers, as well as its abuse of multiple cloud services throughout several stages of the attack.