Re: The dangers of convenience
I know a financial controller who had this happen to, it does require a degree of uncertainty within the business to work BUT i can say that this level exists everywhere.
If they can see your emails, they can see when people are away on holiday, they can access and change the name tags on email addresses (in the example i found they managed to access the email server) so that 'firstname.lastname@example.org' (note the double 'r') still shows as 'Your supplier' in emails
So, they've waited for the moment when someone is away, prevented payment (by intercepting emails and not sending on) to a vital supplier and allowed a 'Pay or no shipment of your urgent goods' to get from the supplier to the company.. next step is 'BTW we have changed banks, please pay here.
Yep, combination of pressure and hitting the weak point meant 280k (not actual value but close) went out to a bank account not of the suppliers.
THANKFULLY Interpol saved the day (yep, i know, bloody amazing) and contacted the bank and had funds frozen, the bank didn't let the cash fly as they were a bit wary of cash coming in to the system going out so fast (crims had actually contacted the target company for further documentation to prove that they should be able to withdraw, AFTER they realised what had happened, by pretending to be police!!!)
please note that if the company had lost this cash, at that time, it would have essentially stunted the company for years to come, as it was for high-season items (ordered JIT), and a large chunk of cash for the company..
Oh, and the spyware was on the bosses laptop, that's how they managed to connect and harvest all the data.