Microsoft detected a large-scale business email compromise (BEC) campaign that targeted more than 120 organizations using typo-squatted domains registered a few days before the attacks started. BEC scammers use various tactics (including social engineering, phishing, or hacking) to compromise business email accounts, later used to redirect payments to bank accounts under their control or target employees in gift card scams. Microsoft also saw the scammers using standard phishing techniques like fake replies (improved by also spoofing) to add legitimacy to the phishing emails.
Source: https://www.bleepingcomputer.com/news/security/microsoft-business-email-compromise-attack-targeted-dozens-of-orgs/