Where might some spam be originating from


New Email
Can anyone shed any light on this situation?

I have been receiving occasional spam emails, purportedly from a colleague.
1. There is no real attempt at spoofing, the sender's name is correct, but the email address is totally different (both are GMail accounts).
2. There are no links to click on in the email, only plain text.
3. The emails always address me by my full first name, when I am always known to the real person by its shortened form.
4. Only me and one other person in the same organisation seem to receive the spam emails.
5. Worryingly (for her) some of the latest spam emails refer to her as "Cllr Mrs xyz" or so the spammer seems to know she is a member of the county council.
6. Very worryingly (for her), on one occasion, the incorrect GMail account name actually was one of her passwords (....@gmail.com)

What I'd like to know is: is it ONLY her that has been compromised, or is my security at risk too.
I'd also be interested to know what the point of them are, if there are no clickable links!