In fairness, it was file extension spoofed[1] exe made to look like a PDF file. When sent to someone who frequently downloads and opens PDFs as part of their job, it would be a very easy mistake to make, especially for the unaware to this attack vector.
[1] https://www.malwarebytes.com/blog/news/2016/09/lesser-known-...