These attacks can happen in two ways: either via a compromise of your (or your counter party’s) actual email system or, more frequently, via. hackers reading emails as they are in-flight to their destination.
Email is not a secure means of communication.
Establish a culture of payment verification. Whenever there is a payment over a certain amount: call/text/instant message the other party and verify the payment details sent before making payment.
More importantly train and test all of your staff to make sure that you don’t get caught in these types of scams; and work with other businesses that are also cyber resilient.
Hackers are targeting businesses of all sizes small, large and enterprise looking for vulnerability all across the chain. The weakest link in the chain is often the best way in.