We've had plenty of those, down to one that had actually registered a very similar domain name. I'm fairly certain the data is being scraped from LinkedIn for at least some of them, if you can find "MD of XYZ Ltd." and "Accountant at XYZ Ltd." it's not that difficult to craft a suitable message.
We have taken internal security steps however.