Unfortunately the page explaining fully about this scam was being deleted by the server anti-fraud software, but I will explain what happens.
You receive an email telling you that, due to a security update, your password has been changed and the new password is contained within the file attached to the email.
The attached file is a ZIP format file which actually contains a nasty piece of code that will log the sites you visit and also the usermnames and passwords given for those sites. It then reports back with that information to whoever sent the code out in the first place (not the person named as the sender of the email). To make matters worse, it does all this stealthily, changing security settings in Internet Explorer so that it's not detected.
If you receive such an email, delete it.