
Originally Posted by Arapiles
You don't understand how these scams work: they aren't impersonating or spoofing addresses, the emails actually come from the relevant company's own email servers and address. What happens is that the criminals get access to the company's email servers - through phishing/trojans/malware - and sit and watch. They then, when the time's right, make a request for payment or direct a payment somewhere, often at the end of an existing email chain. There is nothing to indicate that the email is inauthentic because it is authentic, it's just that it's been sent by a criminal. As a result the protocol in banks and law firms is to verbally confirm every payment request using a known contact number that isn't on the email, because the scammers usually amend the contact numbers to one that links to their own phone numbers.
This is it right here. It goes one step further where the scammers' systems act as a proxy between the two parties, monitoring all communications until an appropriate message is found (like the request for deposit). The message is intercepted, modified to include the fraudulent details and then released to be sent on to the intended recipient, with both parties none the wiser and, for all intents and purposes, a genuine email being exchanged. The thing about this one is that there is no strange request for a change in details or an out-of-the-blue payment request. The fraud is insidiously inserted into a current and real-time expected transaction.
Cheers,
Sean
“Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.” - Albert Einstein