I seriously doubt it was, at least not a blanket automated attempt aimed at multiple people.
It was years ago but IIRC, there were actual names and the email was clearly between two people who knew each other personally, contained phone numbers, etc. Also, it wasn't in English, so it wasn't some automated Nigerian scam or something like that for sure.
And if someone went through the trouble of obtaining so much intel (names, phones, company titles, bank branches, etc) - makes no sense they would then get the email wrong.
Also, at most the person sending the email would gain is some business bank account number, that's probably semi public knowledge anyway, without any authentication-enabling information.
This stuff is done by fax in my country to this very day, I'm not surprised at all that such an unencrypted mail was sent.
I'm sure a vast majority of it was phishing, but you may be surprised to know how many and how often people send info like that over unencrypted email.
Typically inside a company (like a bank) there's an email client with a preconfigured contacts list linked to an AD server, the email client will write the email address for you.
So the probability of someone mistyping an email address inside the same company is, I'd say, low. Even lower if it's a recuring contact between two persons who know each others.
That's what's smelling here. You don't mispell an email address when you're replying or sending a message to someone you have an ongoing conversation with.
And if you receive that kind of email from outside the company... Well. That's phishing.
I am not saying your story is fake dvirsky if that's you get from my posts. It's just has all the hallmarks of something I trained people around me to notice.
I didn't think this is what you implied, but having seen the actual email, I also think the security bad practice was on the sender side, and this wasn't a phishing attempt.
It was years ago but IIRC, there were actual names and the email was clearly between two people who knew each other personally, contained phone numbers, etc. Also, it wasn't in English, so it wasn't some automated Nigerian scam or something like that for sure.
And if someone went through the trouble of obtaining so much intel (names, phones, company titles, bank branches, etc) - makes no sense they would then get the email wrong.
Also, at most the person sending the email would gain is some business bank account number, that's probably semi public knowledge anyway, without any authentication-enabling information.
This stuff is done by fax in my country to this very day, I'm not surprised at all that such an unencrypted mail was sent.