Data thieves are smart
One of the newer phishing attacks is using PowerPoint slide decks to attack a know Windows vulnerability. The malicious PPT file triggers an exploit for the CVE-2017-0199 vulnerability, which starts the infection process and gets malicious code to run using the PowerPoint Show animations feature, which downloads a file logo document if successful.