From zdnet.com
Creating malicious Office macros is still the most common attack technique deployed by cyber criminals looking to compromise PCs after they’ve tricked victims into opening phishing emails.
Phishing emails are the first stage in the attack for the majority of cyber intrusions, with cyber criminals using psychological tricks to convince potential victims to open and interact with malicious messages.