From: PHSOnline [email@example.com]
Date: 17 December 2015 at 11:48
Subject: Your new PHS documents are attached
Delivery of new PHS document(s)
Dear Customer Due to a temporary issue with delivering your document(s) via your online account, please find the attached in DOC format for your convenience. We apologize for you being unable to view your accounts and documents online in the usual manner. Please note that, in the interim, we will continue to deliver documents in this manner until the issue is fully resolved. Regards PHS Group To ensure that you continue receiving our emails, please add firstname.lastname@example.org to your address book or safe list.
Connect with PHS:
Effectively, this is a re-run of this spam from October.
I have only seen a single sample of this. There is a malicious Excel document attached, G-A0287580036267754265.xls with a VirusTotal detection rate of 4/54. According to the Malwr report this attempts to download a binary from:
At present, this download location 404s but other versions of the document will probably have different download locations. The payload is the Dridex banking trojan, as seen several times today    .