If that was simply the "from" address of the email, then those are extremely easy to forge. To get a better idea of the source, look at the full email header for the originating address (still spoofable) or even better, if the phishing email contains html, look at the page source for the links to the hax0red site. From my experience, the "from header" is always forged, the originating address is usually a blacklisted spam-friendly machine, and the actual website that the html links point to is the only truly hacked server.
|