I recently received an interesting email from a business that my firm has worked with. The content of the message was supposedly an electronic fax. I knew the email was suspect just based on how the electronic fax was handled. Our firm has a separate and known fax number. Typically, the only time electronic faxes are sent to inboxes is when we have instructed someone to do so.
When I replied to the email, it was clear that the attacker had not only taken control of the business’s mail server but had also set up automatic email rules to respond saying the email was legitimate and that I should open the file and follow the instructions.