“The attacks are using hijacked email threads and then using those accounts as a launch point to trick victims into enabling macros of attached malicious office documents,” a Thursday report from Deep Instinct explained.