The Center for Internet Security has published an alert describing a phishing campaign that seems most likely to target personnel with financial responsibilities.  

Note that it takes a vulnerable release of Adobe Reader to begin infection, and most malware protection software does detect the trojan that an infected system will try to install -- as if anyone needs more good reasons to keep software up-to-date and to avoid opening unexpected attachments.  

It's certainly possible that people with no financial responsibilities will receive this message.  Zeus/Citadel, for example, has been found infecting students' computers.  

From the alert: 

CIS recently became aware of a massive spam campaign targeting users in various sectors. Phishing emails used in the campaign contains a PDF attachment named Invoice621785.pdf. This attachment is a weaponized PDF document exploiting a vulnerability in Adobe Reader (CVE-2013-2729). After successful exploitation, user's system will download additional malware from hxxp://rlmclahore.com/Resources/Search/1510out[.]exe. This is a banking trojan similar to Zeus/Citadel that it targets sensitive user information including banking credentials. As of this writing, all of the major AV products are detecting this malware as Tojan Dyre/Zbot/Fondu.

 

Phishing Email Characteristics:

 

  • Subject: "Unpaid invoic" [Please note the typo in the subject line]
  • Attachment: Invoice621785.pdf

 

 

Recommendations:

 

  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Do not open email attachments from unknown or untrusted sources.
  • Limit user account privileges to those required only.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Keep all operating system, applications and essential software up to date to mitigate potential exploitation by attackers.
  • Ensure that systems are hardened with industry-accepted guidelines.
  • Make sure all AV products are up-to-date with their signatures.