From: RBC - Royal Bank [email@example.com]
Date: 15 February 2017 at 17:50
Subject: RBC - Secure Message
Signed by: rbc-secure-message.com
Attached is a file RBCSecureMessage.doc which contains some sort of macro-based malware. It displays the following page to entice victims to disable their security settings.
Automated analysis is inconclusive  . The domain rbc-secure-message.com is fake and has been registered solely for this purpose of malware distribution. In all the samples I saw, the sending IP was 220.127.116.11 (Liquidweb, US) but it does look like all these IPs in the neighbourhood are involved in the same activity:
I recommend you block 18.104.22.168/27 at your email gateway to be sure.