The latest burst of malspam is using PDFs featuring bogus receipts to spread a new strain of ransomware called GandCrab.
First, an email arrives with a PDF attachment that contains a captcha to prove the recipient is a human being. Clicking the captcha releases a rogue Word document. If the unsuspecting user opens it, they are invited to enable macros. Anyone who follows this instruction activates a PowerShell script which, in turn, releases the GandCrab ransomware and triggers the encryption process.
Hopefully, any reasonably savvy recipient will have smelled a rat at some point before their files are encrypted. However, this latest campaign does highlight the importance of treating unsolicited attachments with extreme caution.
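A defender-side check for the last stage of the chain described above, Word launching PowerShell once macros are enabled, including the case where an intermediate process such as cmd.exe sits between them. This is an added example, not part of the original article; the event field names (`pid`, `ppid`, `image`, `cmd`) and the sample events are constructed for illustration.

```python
import ntpath

OFFICE = {"winword.exe"}                  # the rogue document opens in Word
SHELLS = {"powershell.exe", "pwsh.exe"}   # what the macro goes on to launch

# Constructed process-creation events; field names are assumptions modelled
# on common EDR/Sysmon-style telemetry, not data from a real incident.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 210, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "cmd": r"WINWORD.EXE /n C:\Users\alice\Downloads\receipt.doc"},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe /c <constructed>"},
    {"pid": 230, "ppid": 220, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe <constructed arguments>"},
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe"},  # console opened from the desktop: no Word ancestor
    {"pid": 400, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "cmd": "WINWORD.EXE"},
    {"pid": 410, "ppid": 400, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe <constructed arguments>"},
]

def exe_name(path):
    """Lower-cased executable name from a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()

def word_ancestor(event, by_pid, max_depth=5):
    """Walk up the parent chain and return the nearest Word process, if any."""
    seen, current = set(), by_pid.get(event["ppid"])
    while current and current["pid"] not in seen and len(seen) < max_depth:
        if exe_name(current["image"]) in OFFICE:
            return current
        seen.add(current["pid"])
        current = by_pid.get(current["ppid"])
    return None

def detect(events):
    """Return (word_pid, shell_pid) for every PowerShell descended from Word."""
    # Simplification: assumes PIDs are not reused within the event window.
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if exe_name(e["image"]) in SHELLS:
            parent = word_ancestor(e, by_pid)
            if parent:
                alerts.append((parent["pid"], e["pid"]))
    return alerts

if __name__ == "__main__":
    for word_pid, shell_pid in detect(EVENTS):
        print(f"ALERT: Word (pid {word_pid}) is an ancestor of PowerShell (pid {shell_pid})")
```
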