The normally reliable Vade Secure and the built-in 365 EOP filter, both allowed this spam through. Fortunately, Comodo Client Security’s default deny policy with containment blocked it, when the end user inadvertently opened the attachment and enabled the Excel macros.
This really shows the power of Comodo Client Security.