"Intercepting emails" - what a joke
You make a joke, but let me regale you with a client of mine's personal experience.
Background: Client was busy with the sale of a fairly large hotel.
They contacted me because their law firm had notified them something was wrong with their (the client's) emails. Upon investigation I determined that the client's mailbox had been tampered with at the mail provider; online rules were added to forward and redirect mails from certain entities (banks, investment firms, the lawyers). These rules had been added months prior. I could relatively determine this because the items in the online Trash folder were ONLY these rule-based ones, since the client used Outlook and POP3 to access it.
The assailants had registered a web-domain like the client's Surname (to look like a personal email address).
At a critical point during the sale process they interjected themselves by emailing the law firm and CCing in the client's business email address, informing the law firm that they would be using their personal email instead going forward. These emails CCed to the client email would be automatically deleted so the client would be none the wiser.
The only reason this was caught was that the banking details the assailants had sent for the final payment to be received differed from the ones used in previous sales, so the legal secretary phoned the client to confirm whether they were correct, as the payment had already been loaded on their banking system and only needed 2nd approval. Thankfully she called. We're talking just over 20 mill.
This was a sophisticated process: long-term monitoring and learning the client's word usage and patterns. But the payout would be astounding.
I collected all the digital forensics available, including the domain registration details, FNB account that was set to receive the payout etc. Swept for malware and reset every credential under the sun, and they handed it to the bank fraud division and police.
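
The post turns on server-side rules that forward mail from selected senders and then remove it from the mailbox. The following is an added example, not part of the original post, of auditing an exported rule list for that forward-and-hide pattern; the rule field names, domains and sample rules are constructed assumptions, not any mail provider's real export format.

```python
# Added example. Rule records are constructed; the field names are
# assumptions, not a real provider's export schema.
OWN_DOMAIN = "client-business.example"  # placeholder for the mailbox's own domain
HIDING_FOLDERS = {"trash", "deleted items", "junk"}

RULES = [
    {"name": "Newsletters", "from_contains": ["news@shop.example"],
     "forward_to": [], "redirect_to": [], "delete": False, "move_to": "Promotions"},
    {"name": ".", "from_contains": ["lawfirm.example", "bank.example"],
     "forward_to": ["inbox@surname-lookalike.example"], "redirect_to": [],
     "delete": True, "move_to": None},
    {"name": "Archive", "from_contains": [],
     "forward_to": ["pa@client-business.example"], "redirect_to": [],
     "delete": False, "move_to": None},
]

def external(addresses, own_domain):
    """Return the addresses whose domain is not the mailbox's own domain."""
    return [a for a in addresses
            if a.rsplit("@", 1)[-1].lower() != own_domain.lower()]

def audit_rule(rule, own_domain):
    """Return a list of findings for one server-side rule."""
    findings = []
    targets = external(rule.get("forward_to", []) + rule.get("redirect_to", []),
                       own_domain)
    hides = bool(rule.get("delete")) or \
        (rule.get("move_to") or "").lower() in HIDING_FOLDERS
    if targets:
        findings.append("sends copies outside the organisation: " + ", ".join(targets))
    if hides:
        findings.append("removes matching mail from the inbox")
    if targets and hides and rule.get("from_contains"):
        findings.append("forward-and-hide on selected senders: "
                        + ", ".join(rule["from_contains"]))
    return findings

def audit(rules, own_domain=OWN_DOMAIN):
    """Map rule name -> findings, for rules with at least one finding."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule, own_domain)
        if findings:
            report[rule["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(RULES).items():
        print(f"rule {name!r}:", *findings, sep="\n  - ")
```
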