A new phishing campaign is going around that uses Word documents and macros to spread information-stealing malware. The lure is the tried-and-true banking statement gambit.
With a simple subject line that says, “Financial Statement,” an official-sounding mail informs the victim-to-be that his or her requested statement is attached—followed by a confidentiality clause that’s intended to add an air of legitimacy.