The Heartbleed vulnerability truly is causing almost everyone a major headache. On a scale of 1 to 10, this is an 11. Now on top of the bug itself, there are hackers sending out phishing emails related to Heartbleed. One of these is that they try to trick users to give passwords that have not been compromised yet!
Watch out for any emails (or scam phone calls) that relate to the Heartbleed bug. Any emails with links should not be followed, any attachments should not be opened, and in case they want to change a password, wait until that site has announced they are patched, and they should go to that site directly and not click on any link to get there.