Re: Users need to know that
"Not all spam is obvious".
I used to be very confident that I will not be fooled/caught by spam/phishing/ransomware, until one of our clients were hit by a ransomware attack.
In discussing it with the person who opened the offending document (the secretary to a main board director), I discovered the following:
The company had placed job advertisements in various papers and social media, requesting CV's to be sent to said secretary, setting out exactly what information they wanted and the format it had to be in.
To all outward appearances it looked like a legitimate job application - even to the point that the attacker had a long string of spaces after "My CV.docx", to guard against people who display file extentions.
I would have opened that document in those circumstances as well.