Imagine you're a potential home buyer working with an agent to buy a $500,000 home, you're getting ready to close on the house tomorrow, and then you get an email from your agent saying that there's a problem and that the funding needs to go to another financial institution. It seems legit so you contact your lender and give them the change of info, and they transfer the money, $500,000, into the hands of a thief! This is a thing, and we know of some people who have seen this attack start to play out, but fortunately they realized the email was fake before they got scammed.
How does this work? What the hacker does is hack the password on your email account so that they have full access to your email. Then they patiently wait for weeks, months, etc. so they can learn your business, the business terminology you use, who your clients are, and anything they can use to emulate your business. When they see an opportunity to intercept a financial transaction they do so by sending an email from your account trying to redirect the transaction to their account. SPAM, Junk Mail, and Virus Filtering will not block the message as it's coming directly from your account.
How do you protect yourself? The first step you can take is using good passwords that are harder to hack in the first place. We recommend using a random password generator. Another thing you can do to protect yourself is verify by telephone any changes in financial transactions or anything that seems fishy. If it doesn't pass the smell test, then pick up the phone and call the person who sent the email and make sure they did mean to send it. Lastly, if your email is setup correctly using IMAP, Exchange, or is web based, you should be able to monitor your sent items and drafts folders for any messages that you didn't create.