I have user who send payment details to the supplier.
Few days back I came to know that the mails sent from this user is capturing by somebody over internet and they send email (with different bank account details) from their email address which is similar to our email.
e.g. our email is email@example.com supplier receive email from firstname.lastname@example.org.
The same way when supplier send an email to email@example.com it is captured by them and send email from another email (saying our account number is changed please send payments to this account) which is similar to supplier email.
e.g. supplier email address is firstname.lastname@example.org but we receive email from email@example.com.
It is like they have created a bridge between servers.
They have captured all the information over internet. How to stop this in such a way they should not be able to view our emails contents and email address.
We have forefront for antispam and cyberoam firewall.