A file-based attack is an attack where threat actors use certain file types, usually those bearing document file extensions like .DOCX and .PDF, to entice users to open them. The file in question is embedded with malicious code; thus, once opened, this code is also executed.