
At our company (hosting & PaaS), I was contacted on our internal messenger by a person I'd never seen before, asking me to "please" run some commands as root and send back the results. After the initial shock (and due infosec diligence) I found out it was just "the new guy", needing to collect info about our systems for equipment inventory purposes. Since they didn't have access to our networked management tool yet, and didn't know the finer points of why randomly running `curl ... | sh` is not a good idea, they thought it would be OK to get that information piecemeal directly from people.

It happens.



When I worked at Sun Microsystems, they had a clever launcher shell script dealie for things like StarOffice documents that did usage tracking, portability fixes (usually setting obscure environment vars), and of course downloading and opening the actual document. Then they started sending those shell scripts as email attachments. One day they sent out an email telling people to not open executable email attachments: the full memo was a SO document wrapped in one of these scripts.

To their credit, after the inevitable replies to that email they never used that wrapper again (they moved the launchers to the centralized NFS install where they always should have been).


I flip tables when people make offhand requests like this. Infra teams are not keyboard monkeys with admin creds.



