File format manipulation involves altering common document types like PDFs, Office files (Word, Excel), or archives (ZIP) to conceal harmful content. Attackers exploit how readers interpret these files by embedding malicious scripts, creating deceptive overlays hiding real content, or using features like macros. This differs from standard phishing emails using plain text or basic links by actively leveraging the file's internal structure and functionality to bypass some defenses and trick users.

Attackers frequently distribute manipulated files via email attachments posing as invoices, delivery notices, or faxes. For instance, a PDF might display a legitimate login page overlay but capture entered credentials underneath. An Excel file might contain hidden macros that automatically download malware when macros are enabled. Another common trick uses ZIP archives containing executables masquerading as harmless documents.

While effective at bypassing simple email filters, this technique relies on users opening attachments and enabling dangerous features like macros. Email security gateways can block known malicious files. Mitigation involves user training to scrutinize unexpected attachments, organizational policies disabling macros by default, and using security software that analyzes file behavior in isolated environments. File format vulnerabilities continuously evolve, requiring ongoing defense updates.