How's this for stealing company information via email? All this happens when one part uses the wrong email address. A third party intercepts it, reads the information, then forwards it to the original recipient after modifying slightly the return address. The third arty, then receives the reply, reads it and then sends it along to the original sender. The loop repeats.
Moral of the story: always double confirm your recipients email address. Read the whole story here.