Every week, at times it seems every day, I get an email from someone in my data base asking me to click on this or that link, open the attachment etc. I know it's spam or something even more evil. I always reply and in the subject line: "YOU WERE HACKED, CHANGE YOUR PASSWORD". Most of the time I get a response in short order thanking me as they had no idea. Of course you have no idea, that's the whole point of using your account to send out this garbage. Once in a while, I will get a second email from the same account. My thought on that is if they can't be bothered to look at their emails, they are probably not doing much business anyway. They go straight into Spam at that point.
More times than not, the addresses are on AOL. For some reason they seem more prone to these lapses. Are you listening AOL? Should the AOL stand for "Attackers On Line"? With all the news about hackers and viruses out there, I can't understand why folks don't change passwords on a regular basis. My MLS and my Company require that shift. If it's too hard to think about, how about using the season and the year you were born? Mine will not be Spring1776. But it would be similar. Start a 4 variation and just keep going. If the site won't let you repeat the last four, switch it up after the first round - 1776Spring, for instance.
Whatever else you do today, change your passwords. I don't want you in my Spam folder.