There could be several things causing this. below are some possobilities:

1. The person sending is sending messages to a Distribution List that the recipients are located.

2. The person sending is send to a person that has a forward rule configured. This could be a client or server side rule.

Providing the message headers of the received forwarded message would help in locating who sent the message if the message is clearly not malicious.

keep us posted.