Interesting part of these, they are known senders, all work for the department and all are legit e-mails. It is the link in the email that takes you someplace else that is the issue. The thing that gets me is the folks that opened the email, and clicked the link, when the person it was allegedly coming from (although a legitimate employee) would never be sending them anything and most certainly the e-mail subject had absolutely nothing to do with them.
The email boxes were compromised and in the case of the form, it was about 5 months ago, and there is a man in the middle now. Send an email to the person it is from (another employee actually) and you get a response, but it is not from the actual person you think the e-mail is from.
Our problems began with they centralized IT services, basically took us all out of the departments we worked for and stuffed us in one gigantic office. Then took away all the offices e-mail systems and went to a cloud based system that centralized everything. Originally they had no idea how to secure it and those in charge of it were not listening to the old e-mail admins that did. Heck they cut ours out of the e-mial admin circle because he was making them look bad by applying his years of experience to the issues they were having.
