I have user who send payment details to the supplier.
Few days back I came to know that the mails sent from this user is capturing by somebody over internet and they send email (with different bank account details) from their email address which is similar to our email.
e.g. our email is firstname.lastname@example.org supplier receive email from email@example.com.
The same way when supplier send an email to firstname.lastname@example.org it is captured by them and send email from another email (saying our account number is changed please send payments to this account) which is similar to supplier email.
e.g. supplier email address is email@example.com but we receive email from firstname.lastname@example.org.
It is like they have created a bridge between servers.
They have captured all the information over internet. How to stop this in such a way they should not be able to view our emails contents and email address.
We have forefront for antispam and cyberoam firewall.
Your help is highly appreciated.
Thanks in advance