Malicious email is not comically dumb any more. One malicious strain, called Emotet, sends email that appears to come from a known contact and looks like a reply to an existing thread. If you click on the links or attachments, you are done for. Dan Goodin at Ars Technica breaks it down.
For me, if it has an embedded link or an attachment, I assume it is malicious until proven otherwise. This is particularly true of financial institution-related or account-related email. I’ve managed to avoid trouble because of constant vigilance. I wonder how many people out there have been compromised and don’t even realize it.