Human resource management is the first point of contact to the external network as they need to share email ID to public. People looking for job in that any organization will attach resume and send the same to HR via email. They attached files may be pdf, word, odf,. etc..
Attacker takes this as an advantage, then crafts a word document having macros and sends to HR mail id with the name of resume. Assuming that it is an original job request, the HR person will open it. Boom! the payload inside the macro gets executed and introduces malware to that PC. That said, It's not easy to craft the macro but it is not an impossible job. Execution of payload may depends on the vulnerable office suites, pdf readers, mail clients.. etc. If the PC is running without updates and patches, then it will be very easy to exploit.
- Adding virus scanner plugins in mail client will save from known viruses inside the document.
- Avoid opening mails from sources like .tk,.protonmail ..etc
- Never turn on Macros in document readers
- Updating patches of Office,pdf suites.