Cybercriminals have been keen to exploit COVID-19 to create coronavirus-related malicious apps, phoney websites, and phishing emails. As the pandemic has triggered a huge shift toward remote working, so, too, have criminals been trying to target business employees working at home. In a blog post published Wednesday, Abnormal Security describes a new phishing campaign that exploits the need for VPNs. The initial phishing email arrives with a notification ostensibly from IT support at the recipient’s employer. The sender’s address is even spoofed to impersonate the domain of the specific organisation. The body of the email itself is brief with simply a notice and link for new VPN home configuration access.