Very common. An attacker will send an email designed to look genuine or even like it's from someone you know. The attachment is invariably bad news, designed to attack your computer in some way. Examples would be;
An email from a courier company asking you open the attached invoice.
An email from HMRC explaining you have a tax refund and can you 'please read the attached'.
The point of the attack is to persuade the user to surrender confidential information such as usernames, passwords, credit card details etc.
If directed to a website via an email then it's always a good idea to look at the URL at the top of the page. For instance if directed to HMRC then you would expect to see something like taxclaim.hmrc.gov.uk and not hmrc.taxclaim.com
Further info can be found from the following links;