The double-link thing may make it harder for Google’s current spam detection algorithm to catch the email, if the URL triggers it but they don’t scan attachments.

Or…a lot of older intrusions involved just getting someone to open a Word doc, at which point Word’s very powerful scripting allowed would run software in the background to compromise the machine. That could be the end-game right there.