FBI - Difference between Spoofing and Phishing schemes
How to Recognize and Avoid Phishing Scams (by the USA Office of Inspector General)
Google - Avoid and report phishing emails
The scheme is very simple and basic in the approach
Step 1: The fraudster creates an email account with a large email provider (aol.com, gmail, outlook, yahoo, hotmail, etc). They then use the name of the person they are impersonating, or an acronym of a recognizable institution (for example email@example.com) in the user portion of the email address.
Step 2: They visit a website and scrape the names in the council list or committee members list then search for their email addresses on PubMed of Google.
Step 3: They will, in most cases, send emails requesting emergency financial assistance (stuck an an airport, lost their wallet, etc) and they will ask for you to call them or send money by western union, moneygram, worldremit. wise, etc). The common denominator is the amounts are usually <$1000 however they can be larger but usually with bigger amounts they will ask for a wire transfer. Usually they will try to get you on the phone or simply send you an email with how to send the money.
Step 4: If they get someone on the phone there is an added danger if they get you to log into a website or click a link while on the phone. This spoofing attempt may turn into a Phishing attempt to gain control of your computer.