Date: Fri, 15 Feb 2013 07:24:40 -0500
From: Tasha Rosenthal via LinkedIn [firstname.lastname@example.org]
Subject: RE: Wire transfer cancelled

Wire Transfer was canceled by the other bank.
FED NR: 94813904RE5666838
Transfer Report: View
The Federal Reserve Wire Network

The malicious payload is on [donotclick]220.127.116.11:8080/forum/links/public_version.php (Railcom, Mongolia) (report here) which is a well-known malicious IP that you should definitely block if you can.
Update: there is also a "Scan from a HP ScanJet #841548" spam for the same IP, sending victims to [donotclick]18.104.22.168:8080/forum/links/column.php
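
As an added example (not part of the original post), this Python script refangs the two [donotclick] indicators quoted above and checks web proxy log lines for clients that reached them. The log layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Defanged indicators exactly as written on this page.
PAGE_INDICATORS = [
    "[donotclick]220.127.116.11:8080/forum/links/public_version.php",
    "[donotclick]18.104.22.168:8080/forum/links/column.php",
]

def refang(indicator):
    """Turn '[donotclick]host:port/path' into (host, port, path)."""
    parts = urlsplit("http://" + indicator.replace("[donotclick]", "", 1))
    return parts.hostname, parts.port or 80, parts.path

# Assumed proxy log layout: "<timestamp> <client_ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def scan(log_lines, indicators=PAGE_INDICATORS):
    """Return (client_ip, url, reason) for each request to a listed host."""
    urls = {refang(i) for i in indicators}
    hosts = {host for host, _, _ in urls}
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        client, url = m.group(2), m.group(4)
        p = urlsplit(url)
        if p.hostname not in hosts:
            continue
        # An exact URL match means the spam link itself was followed;
        # any other request to the host is still worth triage.
        key = (p.hostname, p.port or 80, p.path)
        hits.append((client, url, "exact-url" if key in urls else "host-only"))
    return hits

# Constructed sample lines; client addresses are RFC 1918 placeholders.
SAMPLE_LOG = [
    "2013-02-15T12:31:02Z 10.0.4.17 GET http://220.127.116.11:8080/forum/links/public_version.php 200",
    "2013-02-15T12:40:44Z 10.0.7.3 GET http://18.104.22.168:8080/other.php 404",
    "2013-02-15T12:41:00Z 10.0.9.9 GET http://intranet.example/forum/links/column.php 200",
]

if __name__ == "__main__":
    for client, url, reason in scan(SAMPLE_LOG):
        print(client, reason, url)
```

Clients reported as "exact-url" followed a link from the spam; "host-only" hits reached the same server by another path and should be reviewed as well.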