From: RBC - Royal Bank [firstname.lastname@example.org]
Date: 15 February 2017 at 17:50
Subject: RBC - Secure Message
Signed by: rbc-secure-message.com
Attached is a file RBCSecureMessage.doc which contains some sort of macro-based malware. It displays the following page to entice victims to disable their security settings.
Automated analysis is inconclusive. The domain rbc-secure-message.com is fake and has been registered solely for the purpose of malware distribution. In all the samples I saw, the sending IP was 22.214.171.124 (Liquidweb, US) but it does look like all these IPs in the neighbourhood are involved in the same activity:
I recommend you block 126.96.36.199/27 at your email gateway to be sure.
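
For retrospective hunting in mail that has already been delivered, the indicators above can be checked against stored messages. The following is an added example, not part of the original post. It assumes the "Signed by" line reflects the DKIM `d=` tag, and the function names, sample hostnames and sample message are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators quoted from the post. The /27 is written with host bits set,
# so strict=False normalises it to the enclosing network.
BLOCK_NET = ipaddress.ip_network("126.96.36.199/27", strict=False)
SIGNING_DOMAIN = "rbc-secure-message.com"
ATTACHMENT = "rbcsecuremessage.doc"
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def campaign_indicators(raw: bytes) -> list:
    """Return which of the post's indicators a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # Assumption: every Received hop is checked; in production trust only
    # the hop written by your own gateway, since earlier ones can be forged.
    for hop in msg.get_all("Received", []):
        for ip in BRACKETED_IPV4.findall(str(hop)):
            try:
                if ipaddress.ip_address(ip) in BLOCK_NET:
                    hits.append("relay:" + ip)
            except ValueError:
                continue  # e.g. [999.1.1.1], not a valid address
    # Assumption: the "Signed by" line corresponds to the DKIM d= tag.
    for sig in msg.get_all("DKIM-Signature", []):
        tag = re.search(r"(?:^|;)\s*d=([^;\s]+)", str(sig))
        if tag and tag.group(1).lower() == SIGNING_DOMAIN:
            hits.append("dkim:" + SIGNING_DOMAIN)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name == ATTACHMENT:
            hits.append("attachment:" + name)
    return hits

def constructed_sample(relay_ip: str, signed: bool, filename: str) -> bytes:
    """Build a harmless test message (constructed, not a real sample)."""
    m = EmailMessage()
    m["Received"] = ("from mail.example.net (mail.example.net [%s]) "
                     "by mx.example.org; Wed, 15 Feb 2017 17:50:00 +0000" % relay_ip)
    if signed:
        m["DKIM-Signature"] = "v=1; a=rsa-sha256; d=%s; s=x; b=CONSTRUCTED" % SIGNING_DOMAIN
    m["Subject"] = "RBC - Secure Message"
    m.set_content("constructed body")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="msword", filename=filename)
    return m.as_bytes()
```

Run `campaign_indicators()` over each raw message exported from a mailbox or quarantine; any non-empty result is worth a closer look.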