EMAIL IS NOT SECURE You should not trust that the email came from the address it appears to come from (spoofing, domain impersonation, compromised accounts), that the links are what they appear (different text from the underlying link, domain impersonation, malicious URL shorteners), or that attachments are safe (virus scanning is much better at known threats than new threats).
If you weren't expecting an email be extremely wary of it
If you are ever suspicious of an attachment feel free to send it to CompHelp for review. We can open them in a virtual machine so as to not risk a real system
Do not trust links, especially for anything prompting for a password. It is much better to use UW search to navigate to the same page whenever possible. ess looks a lot like ėss, and it is possible to use foreign language character sets to make a fake domain URL
indistinguishable from the real domain even in the URL
bar (see https://www.xudongz.com/blog/2017/idn-phishing/
Likewise the from address can be easily spoofed; you see this in the event announcement emails which appear to come from firstname.lastname@example.org but are actually generated by a script.