A phishing campaign has been attempting to disguise spam as an email chain, using genuine messages taken from email clients on previously compromised hosts.
https://www.scmagazine.com/home/security-news/phishing/malspam-campaign-spoofs-email-chains-to-install-icedid-info-stealer/