Hacker News
by Veratyr 3392 days ago
In most of the world, account numbers aren't at all sensitive, so I'm not sure what would be gained.

It's not the content of the message.

Typically inside a company (like a bank) there's an email client with a preconfigured contacts list linked to an AD server; the email client will write the email address for you.

So the probability of someone mistyping an email address inside the same company is, I'd say, low. Even lower if it's a recurring contact between two persons who know each other.

That's what's smelling here. You don't misspell an email address when you're replying or sending a message to someone you have an ongoing conversation with.

And if you receive that kind of email from outside the company... Well. That's phishing.

It wasn't an internal email, it was from someone at some private investment fund, and emailed to someone at the bank.

Also, for clarification, 12345678 wasn't the actual number, it was something that looked completely legit.

I am not saying your story is fake, dvirsky, if that's what you get from my posts. It just has all the hallmarks of something I trained people around me to notice.

I didn't think this is what you implied, but having seen the actual email, I also think the security bad practice was on the sender side, and this wasn't a phishing attempt.