But what happens when that format becomes a spear ?

In the old days, you had to download a strange program to get hacked. Today, you just have to open an invoice.

Here is what you need to know about the evolution of the malicious PDF into the ultimate spear-phishing weapon. Traditional phishing is a net. An attacker casts a wide net with a fake PayPal invoice or a "Your account has been locked" email. It’s sloppy, and most security software catches it.