How does the Word document template trigger the authentication prompt in phishery?

The malicious Word document (generated by phishery) contains an XML-based URL template in its document settings. When the document is opened, Word automatically makes an HTTPS request to the attacker's server for the template file. The server responds with a 401 Unauthorized and a `WWW-Authenticate: Basic` header, causing Word to display the standard login dialog. This technique works only with HTTPS (not HTTP) and applies to Word, not Excel or PowerPoint.