One of my clients phoned me late last year saying that he was receiving accounts from people he didn't know, so I told him that he should ignore them if they aren't addressed to him personally and don't mention him by name.
He called me 5 minutes later to say that he was receiving a "Malware Detected" message. (He was running Windows Defender, which his previous IT guy convinced him was adequate). I told him to turn off his PC until I got there.
I rushed over there, equipped with my virus removal tools. Thankfully I ran a rescue disk first, as it turns out he had picked up some nasty ransomware cryptolocker. It had already encrypted all documents on his drive up until the letter "M" in his root directory folders, but fortunately all of his documents were stored under "Users/username/Documents" so his important documents were safe.
I ran a Malwarebytes scan to finish the job.
The next day I went back to install a Bitdefender Internet Security 1 year licence for him.
In hindsight, I'm glad I made the calls that I did. It turned out that the Ransomware he'd picked up was brand new and still undecryptable. I for get what the file extension was, but I think it was something like .vvv or similar.