A person I know recently received a phone call from his bank asking him if he had sent a particular email. The email asked for some banking information but asked the reply be sent to a different email account. The bank was calling to see if the information was correct.
It turns out his email account had been hacked because of a poor password. Once the email account had been hacked, the thieves set up a rule in account to send a copy of all emails to the email account they created. (He was using an account that uses an online version of Outlook to manage the email.( The thieves (or would be thieves) were actually sending emails from his account to make the emails look legitimate.
So the lesson here is if you have any account online, please you good passwords. Also if you have accounts that use a mail manager that allows you to create rules or auto-forward email that you check it periodically. You might find your email going to someone else.