The hackers used email spoofing to make a malware-laden email look like it was sent from a co-worker and tricked the victim into clicking on the malicious link, which then downloaded a program and ran it on the victim's computer.