A financial company I deal with just made me aware of an e-mail breach. They sent an encrypted email to one of their customers using a prominent cloud based e-mail service. The legitimate e-mail gave the customer account details to make a wire transfer too. Moments later the customer received a bogus e-mail telling them that they needed to wire the money to a different account. The customer caught this because the e-mail address was different. We need to determine where the breach occurred (customer side or hosted e-mail side). Not sure where to start.