I would send a message to the same address with a message on the transaction, that's a nice way to let someone know his key has been compromised without risking any amount with the transaction.

And the second step would be to google the key, maybe we can find some public information about the owner and try to contact him directly to let him know about the issue.