A member of staff in your finance department receives an e-mail purporting to be from a senior member of staff within the organisation, such as the Director, CEO or Chairman, requesting that they arrange an urgent payment outside of their normal procedure due to exceptional circumstances.
The e-mail appears to be genuine due to the address in the "From" box reflecting the genuine e-mail address for the senior member of staff. With the recipient believing the e-mail to be genuine, they arrange for the payment to be made through their preferred payment method for the credit of the fraudster's account, from where the monies are usually quickly withdrawn.
There are two methods which the fraudster could use to facilitate this type of fraud attempt.
Using their knowledge of how e-mails are relayed over the internet through different servers, the fraudster is able to construct an e-mail which appears to have come from another source, whilst disguising the true originator. Hovering the cursor over the name in the "From" box will not reveal the true origination address in these cases, which makes the e-mail appear genuine.
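Because the displayed "From" box cannot be trusted in these cases, the check has to be made against the raw message headers. The Python sketch below is an added example, not part of the original advisory; the sample messages, the example.com and example.net placeholder domains and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From is the CEO, the other headers are not.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Jane Doe (CEO)" <jane.doe@example.com>
Reply-To: jane.doe@example.net
To: finance@example.com
Subject: Urgent payment

Please arrange this transfer today.
"""

# Constructed sample: a message that really came from the organisation's domain.
GENUINE = """\
Return-Path: <jane.doe@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Jane Doe (CEO)" <jane.doe@example.com>
To: finance@example.com
Subject: Board papers

Attached as discussed.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw_message):
    """List the header signals suggesting the From address was forged."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    # Envelope sender differs from the visible From (weak signal on its own:
    # assumption here is an exact domain match, stricter than DMARC alignment).
    rp = domain_of(msg["Return-Path"])
    if rp and rp != from_dom:
        findings.append("return-path-mismatch")
    # Replies would be diverted to a different domain.
    rt = domain_of(msg["Reply-To"])
    if rt and rt != from_dom:
        findings.append("reply-to-mismatch")
    # Only trust Authentication-Results stamped by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    if "dmarc=pass" not in auth:
        findings.append("dmarc-not-pass")
    return findings
```

A message sent from a genuinely compromised mailbox passes all of these checks, so they address only the forged-sender method.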
Hacked E-mail Accounts
An alternative method for the fraudster is to hack directly into the victim's e-mail account and start issuing e-mails in the victim's name, including payment requests to banks or work colleagues. Customers who are more vulnerable to this type of attack are normally users of e-mail services such as Gmail, Hotmail and Yahoo.