Apart from manipulating technical security flaws to install virus and malware, fraudsters employ another technique known as social engineering.
Social Engineering involves tricking people, by exploiting human psychology, into breaking normal security procedures and giving away senstitve data or completing fraudulent requests without staff realising they aren't talking to who they think they are talking to.
Technology alone cannot fully protect you and your business if your staff aren't aware of how they themselves can be manipulated. You are only as strong as your weakest link.
More often a Finance department is sent a fake email proporting to be from a senior member of the business, typically the MD. Fake emails are getting better all the time to look like they are genuine.
They request payment to a third party for work carried out for the business. Often with a pressured time scale.
Once paid the fraudsters quickly empty the temporary account money was transferred to.
If in doubt, #takefive and ask someone else to verify and report all instances of social engineering to Action Fraud.