Graham Cluley’s security site shares awareness on avoiding fake invoice emails that are circulating with Word macro viruses embedded (a 20 year old attack method):

 

It’s been over 20 years since the first Word macro virus reared its ugly head and pulled the carpet from underneath the feet of computer users worldwide.  Up until then, it was pretty easy to know what to look out for – executable files (normally .EXE or .COM) and floppy disk boot sectors.

But macro viruses changed all that, infecting the templates inside Microsoft Office files – Word documents, Excel spreadsheets and Powerpoint presentations – where Microsoft had, rather unhelpfully from the security point of view, incorporated a macro language that could execute instructions.

And, of course, computer users were much more used to having Word documents and even (in some cases) spreadsheets sent to them via email than they were .EXE files, and so the opportunities for malware to spread successfully grew significantly.