We recently had a scenario at a client where sensitive information was sent to the wrong email address maliciously.
This was done via a hacked email account belonging to a client of our clients (lets call him ClientB)
The ClientB legitimately sent an email to our client.
Our client responded to ClientB via the reply-to button on his email application (e.g. Outlook). Unknown to him though, ClientB's gmail had been hacked and the Reply-To feature was used to put a similar email address in the reply-to field in the message headers (another "r" was added next to an existing r, trravel instead of travel).
The email was therefore sent to another recipient.
This obviously easily affects public email like gmail, hotmail etc but we believe could easily be addressed on the Barracuda Email Security Gateway, which could inspect message headers and provide an action (e.g quarantine or notify the admin etc) when an email is received that has a different reply-to address.