Sometimes email accounts of legitimate vendors are hacked in this scam, which increases the likelihood that the target will trust the sender. More often, the scam emails are slight variations of legitimate addresses: person@c0mpanyname.com instead of person@companyname.com, for example. (If you can’t tell or are listening to this as an audiobook, the “o” in “companyname” is actually a zero.) The vulnerability here is human inattentiveness, or misplaced trust.
