A customer had a similar attack recently.
I don't do the email for them nor run their website, so not my fault... I've been trying to get them to move to hosted Exchange from the crap that they're on for ages, but to no avail. Anyway, last week here's what happened.
An email was purportedly sent by "Jim", a director of the company, to a minion "Brian" (except it was spoofed).
The email said "Brian, it's Jim, please tell Adam in finance to pay this company with these bank account details just shy of £20k by the end of play today". Brian then emails Adam this, and Adam pays the (fake) company.
They probably got the details of who was who from the website (they are now changing their website...). Quite an elegant attack though.
We've figured out a way to stop this, and you probably already know this, and you probably don't like Exchange, but I'll tell you anyway just in case it helps someone. If they move to Exchange, and set up SPF correctly, there is an Exchange setting "Blacklist email on SPF Neutral (for specific domains)". Just bung your own domain into the list.
Then, as long as every single server you use to send email is in the SPF record, no one can spoof you like this. Obviously, things like faxes that email, their website's contact us form mailserver etc. need to be included.
If anyone has a better suggestion let me know please.
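
The "every single server must be in the SPF record" condition from the post can be checked before the blocking setting is switched on. The following is an added example, not part of the original post: the record, host names and addresses are constructed (documentation address ranges), and only the `ip4`, `ip6` and `all` mechanisms are evaluated, so nothing is looked up in DNS.

```python
import ipaddress

# Constructed sample record for a placeholder domain (not from the post).
SAMPLE_SPF = "v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/28 ip6:2001:db8::/48 ?all"

# Constructed inventory of hosts that send mail as the domain.
SENDERS = {
    "mail server": "192.0.2.10",
    "fax-to-email gateway": "198.51.100.5",
    "website contact form": "203.0.113.77",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, ip):
    """Evaluate ip against the ip4/ip6/all mechanisms of an SPF record.

    Mechanisms that need DNS (include, a, mx, ...) are skipped, so this is
    a local sanity check, not a full RFC 7208 evaluator.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6") and value:
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched: RFC 7208 default result

def audit(record, senders):
    """Map each sender name to its SPF result."""
    return {name: check_spf(record, ip) for name, ip in senders.items()}

if __name__ == "__main__":
    for name, result in audit(SAMPLE_SPF, SENDERS).items():
        # Anything other than "pass" is a legitimate sender missing from the record.
        note = "" if result == "pass" else "  <- missing from the SPF record"
        print(f"{name:22} {result}{note}")
```

With the constructed data, the contact form server comes back neutral, which is exactly the mail the setting described above would reject until that server is added to the record.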