Our accounting team recently received an email ostensibly from one of our suppliers requesting payment. Fortunately it was noticed and not paid. But what would be the most likely route for a spammer to know one of our vendors? We're reviewing procedures but wanted to get feedback from EE too. Thanks.