A client sent me an email which was forwarded from my email account to my gmail account. She was unable to log into her webmail account. She received an email back from someone posing as me, from my gmail account (maybe forged) telling her he would be on it. Then in a follow up email he asked for passwords. His attitude showed annoyance - She then gave him a couple of possible passwords including her paypal password. I changed her webmail password, my gmail password and had her change her paypal password.

What I don't understand is how could someone intercept an email being sent to me? All I can think of is she might have a virus or some malware which forwards all her outgoing email to the hacker? Does anyone know of such malware? Then, the hacker could forge my email address and she believes it's me. Or could there be another scenario where the hacker is getting copies of my gmail to which he responds? I can't see anything in my gmail account which would copy mail to anyone else other than me.

This has me stumped. My client felt it was creepy. Any suggestions or has anyone seen anything like this?
thanks,