I got a strange email and I just want to confirm my suspicions.
For background, I have my own email server which I set up using iRedMail on a VPS. I have an acquaintance who most likely has me in their address book, although I don’t have them in mine.
I got a highly suspect email with "Urgent! <acquaintance’s name>" as the subject, and a body that just said they need a favour. Looking at the headers of the email, I see that the Sender field is an unrelated university email address from another country, while the From field is my acquaintance’s name and a different email address than the one I had communicated with them in the past.
My hypothesis is that their account got hacked, the hacker stole their address book and is sending a scam to all of their contacts.
My fear is that my own server got hacked, or something. My email setup did not complain about this email even though I have virus scanning, and I expect that the regular checks (DKIM, SPF etc.) were done.
Can anyone confirm my hypothesis?