The District of Columbia Bar intercepted and blocked emails to their bar members purporting to be from Citibank. These emails claimed that there were insufficient funds to cover a check written on their IOLTA accounts. There was an .zip file attachment that claimed to have more information and likely contained malware. The messages bearing forged firstname.lastname@example.org return addresses were sent from several different email servers internationally and it is probable this is part of a larger phishing attack targeted at legal professionals.
If you receive an email like this one, do not open any attachments. If you are not sure of the validity of the email, call the purported sender directly through an official channel (e.g. getting their phone number online) to verify the information. Tell them that you may have received a phishing scam using their information. Forward the message to the financial institution it is claiming to be. Then delete it.
Another version of this scam is to have a link embedded in the email and a reason you should be entering confidential information at the end of that link. Do not click on the link and delete the email.
Think before you comply with an emailed request or instruction. Does this make sense? Does something feel wrong? Ask before you click. If you do fall victim to a phishing scam like this one, contact your financial institution to start a claim immediately.