Thanks for your answer. So first I checked the website you suggested and his info has been out there apparently for a while. IDK if he changed the password but it's listed as being in a data breach in 2016 and also in Jan of 2019. I would think if it was out there for that long he would have been hacked a long time ago. Second point is that when he emailed the email to me it Eset alerted me that it had a virus. I was not able to see the email at all, but he told me he didn't open any attachments or click any links and he didn't see any attachments. SO I'm wondering whay it was detected as a virus by Eset.
Axe