e-ticket Air Canada Order emails with an attached word document containing a macro. These emails aren’t from these companies at all, they are just being used to make the email look more genuine. The company itself may not have any knowledge of this email and it’s link(s) or attachment as it won’t have come from their servers and IT systems but from an external bot net. The attachments try to auto-download Dridex, which is designed to steal login information. Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.”]
Source: http://sanesecurity.blogspot.com/2015/03/e-ticket-air-canada-order-completed.html