To the untrained eye, the email in question will probably sound legitimate. Highlighted by the fine gents at Symantec, the spam campaign contains various clues that give away its malicious intent, starting with the email subject and ending with the attached file.
The email goes as far as to claim that if your antivirus tries to warn you, it’s because HeartBleed caused it to go insane. The campaign basically tries every trick in the book to get you to run the malicious executable hidden beneath a DOCX file.
Whoever gets tricked into running the program will unknowingly have downloaded a keylogger that records keystrokes (containing your passwords, credit card info, and whatever you regularly type on your computer), takes screenshots, and sends this information to a free hosted email provider.
The security firm urges users to be skeptical whenever faced with emails that request personal information as well as emails containing attachments with instructions to execute the bundled program.