[ihattendorf]

What if they click the link, run the downloaded invoice.EXE, and enter their password when prompted? At a certain point, the user needs to be educated enough to avoid this.

PDF/Office macros are a whole other topic though.

[sp332]

There's a really big gap there. Look at chromeOS - you can click a lot more email links on that OS without getting ransomware'd.

[Piskvorrr]

Is it because the OS is inherently more secure, or because the malicious code is not written for that OS?

[sp332]

Yeah, the sandboxing helps a lot. I mean look at iOS - super popular, huge target for malware, but it hardly ever gets hacked.