A common tactic for threat actors is to leverage weaknesses in human behaviour. Over the years a combination of poor configuration has led people to ‘click YES’ syndrome. A common vector for attackers is to send emails with document attachments using either embedded macros or abusing Office document OLE functionality.
Below we have a live sample of a phishing document. As you can see it’s been styled in a similar fashion to the Office user interface. Read more “A day out phishing”