These malicious attachments normally have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or other log in credentials.
Be very careful with email attachments. Most of these emails use Social engineering tricks to persuade you to open the attachments that come with the email.
The basic rule is NEVER open any attachment to an email, unless you are expecting it.
Remember that funny pictures come from Facebook or snapchat, not via email.
If you see JS or .EXE or .COM or .PIF or .SCR or .HTA .vbs, .wsf , .jse .jar at the end of the file name DO NOT click on it or try to open it, it will infect you.