This may seem to go awry, but since it is related to the security of online identity, I hope that it is relevant.
Earlier this month, I received a message from Western Union. The headers confirm that it comes from them on westernunion.com (SPF and DKIM).
This message thanks me for a payment I made to a gas company in the United States that I have never heard of. It is a payment under the name of someone else, to an address I do not know, to an account that I do not own and from a card that does not. Is not mine.
The name mentioned is totally different from mine and my e-mail address is quite unique, so it is unlikely that this is a wrong type.
Has anyone ever seen anything like this? I could contact the gas company and ask what's going on, but something tells me that they will also be clueless.