Very similar to if you were to send a traditional paper letter in an envelope with a stamp, and put an incorrect return address on it. You could even make it look exactly like something the real company would have sent. There is no validation of the return address. If the recipient were to respond to the return address, it would expose the ruse. The scam is that the contents of the letter have further instructions that lead to the scam.
Another complication is that the From address in internet email contains an address part and a description part. The address part is what is actually used to route the email, and the description part can be anything, including something that looks like an email address that doesnβt match the one in the address part. Most email clients only show the description part and hide the address part.
For example:
From: βBob Smithβ <[email protected]>
From: β[email protected]β <[email protected]>
From: "Do not reply" <[email protected]>
From: β[email protected]β <[email protected]>
Edit: formatting