What I noticed was most tokens received were limited to Utrust, PHI, STP, SPA, SDE, TKT, ebit, COPYTRACK, Transmission, GlobCoin Crypto Platform. Does one of these tokens send you an email or let you fill out something connected to your wallet? If yes, that might be the cause.
Why do you think that some of sent tokens like "Utrust, PHI, STP, SPA, SDE, TKT, ebit, COPYTRACK, Transmission, GlobCoin Crypto Platform" - they are the signal about the someones tryings to steal something from your wallet? For example - Utrust it was a real project. I heared about the GlobCoin that it may be scam but I heared about it only. Just interesting for myself. Because lots of fraud there are for the last time.
I know Utrust, but not the other tokens. What I said was just a possibility. It's possible that the hacker used one of these tokens' names to send a phishing link and/or give people a form to fill out with their data. These days hackers do pretend to be the real project through email or any other means just to steal, so... that's why I thought of that.