Odd phishing strategy - Anyone know where this was going?

Hello all! Been in IR for quite some time but came across a phish today that I'd never seen before, wonder if anyone else has experience with a similar situation.

1. Attacker using lookalike domain, assuming the name of one of our employees and their email signature, emails a vendor of ours asking to purchase a repeating large quantity of a product (10 tons of packaging materials per month)
2. Attacker provides our real billing address, but requests the product …

attacker cybersecurity domain email emails employees experience hello name phish phishing signature strategy today vendor