Not sure if this is just being 'over-hyped', but I have seen a lot of alerts along this line over the past few days.

The Canadian Cyber Incident Response Centre (CCIRC) has received reports of a new e-mail-based technique for spreading Trojan horse programs. Because of the nature of this technique, standard defensive measures such as anti-virus software and firewalls are not completely effective. As a result, the risk of critical infrastructure networks being compromised by attacks employing this technique is significant.

The "From" address of the e-mail is spoofed, making it appear to come from a colleague or reliable third party organization;

The subject line and text of the e-mails appear relevant to the recipient’s work, or may be copied from a previous legitimate e-mail; and

The attachment name and type appear relevant to the text and to the recipient’s work
Now I personally haven't run into anything related to this yet (has anyone seen this type of activity?) so I tend to believe this may be a bit of an over reaction but I could be wrong.

Full Alert Message

Cheers: