Having the URL link in an attached document rather than the body of an email message, spammers are able to evade some of the antispam content-filtering techniques.
Microsoft Word is a convenient format because it supports clickable links and most recipients will have Word installed or would be able to open the document with another compatible word processor.
Here at Qbit we have been receiving multiple emails from these spammers, all with different subject lines and attachment names. The spammer is varying the attachment file name, email body text and subject in nearly every batch of the messages sent.
Here are some examples:
The attachments for these samples have filenames similar to: Bill90023.doc, Invoice25826.doc, Claim59703.doc and Statement67345.doc, but the content remains the same.
Remember our #1 rule; Do not open attachments from senders you’re not familiar with. If you receive these emails please delete them.