Spammers get access to people's address books using malicious code embedded in web sites and other spam emails. They then send out emails with one person's email address in the reply to: field to all the other people in the address book so you think that it is from someone you know.
It is called spoofing and it gets round the most common email filter which tends to allow mail from people in your address book. The email account of the person who appears to have sent you the mail probably hasn't been compromised.
Depending on your mail programme you should be able to check where exactly the message has come from. |