Attacks/phishing messages that come with e-mail messages have become more common.
As a general guideline regarding spam, you should never open suspicious messages/attachments or click on links in them. The concept of a suspicious message is vague, but usually the number of typos already tells a lot. Even messages seemingly coming from a colleague are not necessarily reliable, because the sender information may be fake, or the credentials may have ended up in the wrong hands. Users need to be very alert at all times.
In the past, spam mails focused on advertising, but recently the main purpose has been to mislead the recipient into installing malware on the device, or to direct the recipient to a seemingly reliable looking page that requires login and that way handing over the password to the attackers.