Had this same thing, but then with a couple of my customers.
This is a phishing attack.
After a while I talked with one of those customers and they knew about it. It was "an email that got compromised".
Eg. one of their employees did fall for the phish and opened the email, clicked the link, opened the binary. Got infected and (a part of?) their inbox uploaded to the spammer. That is then used to send out new targeted phishing attacks where the name is spoofed, but send from another victim of theirs. Pretty effective phishing attack it seems. Took me a bit before I realized what I was looking at as the email seemed to come from that customer. It was only because it was a bit weird that I noticed things being off like that the email address itself was different.
This is a phishing attack.
After a while I talked with one of those customers and they knew about it. It was "an email that got compromised".
Eg. one of their employees did fall for the phish and opened the email, clicked the link, opened the binary. Got infected and (a part of?) their inbox uploaded to the spammer. That is then used to send out new targeted phishing attacks where the name is spoofed, but send from another victim of theirs. Pretty effective phishing attack it seems. Took me a bit before I realized what I was looking at as the email seemed to come from that customer. It was only because it was a bit weird that I noticed things being off like that the email address itself was different.