Human Resource departments usually process many job applications and resumes from the general public.  They should always be alert for malware and made technically secure, as many documents are received from non-secure sources.  They avoid all suspicious documents, as targeted attacks to specific companies are circulating. 

Targeted Attacks emailed to Human Resource departments

QUOTE: The IC3 (Internet Crime Complaint Center) is reporting that businesses are receiving fake job applications in e-mail with malicious attachments. The malware is a Bredolab variant, connected with the Zeus/Zbot botnet. “Recent FBI analysis reveals that cyber criminals engaging in ACH/wire transfer fraud have targeted businesses by responding via e-mail to employment opportunities posted online,” IC3 said in a news release. In this case the attachment is actually an executable file, svrwsc.exe, which means that many security and e-mail systems would strip it out on that basis alone. Outlook, for example, strips .EXE attachments by default.