Phishing for dollars

Our accounting team recently received an email ostensibly from one of our suppliers requesting payment. Fortunately it was noticed and not paid. But what would be the most likely route for a spammer to know one of our vendors? We're reviewing procedures but wanted to get feedback from EE too. Thanks.
amigan_99Network EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave BaldwinFixer of ProblemsCommented:
If you are selling to the public, all they have to do is look at your product.
Michael FowlerSolutions ConsultantCommented:
A couple of ideas

The vendor could advertise the fact that you're a customer
The spammer did not know as such but took an educated guess, e.g. the vender sells engineering tools so we will send this attack to all engineering firms in the area

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
David Johnson, CD, MVPOwnerCommented:
this scam has been around for at least 20 years. one must always match invoices to purchase orders
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

amigan_99Network EngineerAuthor Commented:
btanExec ConsultantCommented:
Hope the article also help in assessment of your use case - supposedly they are opportunistic and either through word of mouth (via main/sub contractor or customers), social network like LinkedIn or online advertisement), those spammer can harvest easily email and pull off any one whom replied and fall into their trap and scam. Even CEO is not spared with recent CEO Fraud scam (sender spoofed as CEO email and send to colleague to wire transfer...)
amigan_99Network EngineerAuthor Commented:
Thank you!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.