Some of the most effective recent hacking attacks have used very straightforward programs- ones that come to the front door and ask permission before taking over a computer. These attacks have cost enormous amounts of money, time and endless headaches for security teams everywhere because they attack a common weak link in the security chain- the user.
“Spearphishing” is a security industry term referring to faked emails which are sent to specific users on a private computer network- targeting those who are most likely to allow an outside program into the vulnerable inside of a private network. Most spearphishing attacks are made using infected attachments- something as simple as an image file can contain a virus.
Even with modern Spam filters and security tools being incautious with small things like this can wreak havoc on a valuable network, so make sure to exercise caution even there.