What's really going on, of course, is that opening that document will run some malicious code, in a document macro. Most likely it's going to try to exploit some Windows bug (and they sent it to me not knowing I have a Mac), but you never know, there might be a Mac bug to exploit too.
Do people actually fall for things like this? Unfortunately, yes – predominantly younger people (who believe themselves immortal or are just ignorant) and older people (who just don't understand the risk). Not long ago I read a study that showed about 4% of recipients actually opened things like this – even examples like this one that aren't well-targeted or particularly convincingly worded.
Don't you be one of them!
