I was speaking with another of one my customers ( a similar, small hi-tech firm) and they have also been hit with the same kinds of precisely targeted emails to their Accounts Payable person. In their case, the one email said it was from the president and a second attempt said it was from the CFO. They told me the one from the CFO “even sounded like the way she talks.”
Note: In reviewing these emails you can look at some of the message fields to get more information. Select a message in any view in your mail file and use ALT-ENTER to bring up the Document Properties box. There you can use the second tab to examine field values.
Compare the From field to the SMTPOriginator field (it will have one if it originated outside of your organization), and the ReplyTo field. Also, look at the $MessageID field to get info about the server it went through.
OR is you have the email open (which is a judgement call whether or not you want to risk opening it), you can use View >> Show >> Page Source to view the message headers to see this information.
You can report these types of attacks to:
FTC – www.ftccomplaintassistant.gov
FBI Internet Crime – ic3.gov