No malicious sign ins, IP address matches, but an unrecognized email was sent from the end user?

Hello!



Would anyone be able to explain this situation to me? I received an email on Outlook from our VP, it was an attachment she had already sent me in the past, followed by an email from another worker who had received a similar email from this VP, a blank email with a single attachment of something that had been sent before.



I got on the phone with our 3rd party IT, and after resetting the passwords, we went through …

address attachment cybersecurity email end end user hello ip address malicious outlook sign worker