We have a firewall in place to block incoming data traffic to our network, but we cannot block outgoing traffic or else webpages will not load. This is how the internet works. Your computer sends out a request for a web page and the firewall then allows data to come in from the page you requested.
Hackers know this and are trying to get you to request data from their bad web pages. They will send something to your email posing as someone else in hopes that you will click on the link and accidentally send a request to them.
E-mail programs are trying to make life easier by hiding unwanted clutter. If I told my email system that I am John Parkman, then it seems redundant to also display my e-mail address of firstname.lastname@example.org, however, you can reveal this hidden e-mail address by hovering your mouse pointer over the sender's name as in the image below. This does not reveal the "Reply-to" address, which could also be fake. What you need to look for is the authenticated sender.
Unfortunately, as the image shows, if the hacker knows the proper email address for the person he is trying to impersonate, then he can add that detail to the "From" field of your letter. Sometimes you will have to check the header to see who the letter really came from as shown in the image below.