Can you stop email impersonation?

Really long post but wanted to give all the details.

We use Microsoft 365 for email.

We do business with a company (abcd.com) and this week a 7 figure check was sent to them via mail (why it was not sent electronically is outside my scope of influence). The employee that normally corresponds with the company got an email asking him to stop payment on the check and send it electronically because they had not received it. The email address looked very similar to theirs. The display name was the same, and the address was the same except that instead of [email protected] it was [email protected]. I checked the headers and the email seems to originate from abcid.com and passed DKIM. If I look up the impersonating domain it is registered with a contact of Admin Ghost and a random gmail address, and the domain does not resolve.

The employee has asked that we “beef up our email security”. I do not see how anything (short of blocking email from this domain) will prevent this. Does anyone know of a way to stop this from occurring?

I am concerned that this user knew the name and email address of both my user and the other company user, neither of which is common. I fear that someone’s email account or traffic has been compromised. I know this user in our company uses Apple Mail. Is it a security concern? Any steps you would take to check for compromises?

I think it is more of a concern with the owners of the other domain.
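One defensive control that does catch the case described above (a passing DKIM signature only proves the mail came from abcid.com, not that abcid.com is your partner) is a lookalike-domain check on the From: header against the partner domains you actually deal with. The script below is an added example, not something from this post; the contact list, the `abcd.com` / `abcid.com` pair and the edit-distance threshold are constructed assumptions.

```python
from email.utils import parseaddr
from typing import Dict, List, Set

# Constructed sample data: the partner domains you legitimately exchange mail
# with and the display names you expect from specific known addresses.
TRUSTED_DOMAINS: Set[str] = {"abcd.com"}
KNOWN_CONTACTS: Dict[str, str] = {"jane.doe@abcd.com": "Jane Doe"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (standard dynamic-programming form)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str, max_distance: int = 2) -> List[str]:
    """Return the reasons a From: header looks like partner impersonation.

    An empty list means nothing suspicious was found. DKIM/SPF results are
    deliberately not consulted: a lookalike domain the attacker registered
    will pass both, as in the incident described in the post.
    """
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    reasons: List[str] = []
    if domain in TRUSTED_DOMAINS:
        return reasons  # genuine partner domain; nothing to flag here

    # 1. Domain is a small edit away from a trusted one (abcid.com vs abcd.com).
    for trusted in TRUSTED_DOMAINS:
        dist = levenshtein(domain, trusted)
        if 0 < dist <= max_distance:
            reasons.append(f"domain {domain!r} is {dist} edit(s) from trusted {trusted!r}")

    # 2. Display name matches a known contact but the address does not.
    name = display.strip().lower()
    for known_addr, known_name in KNOWN_CONTACTS.items():
        if name and name == known_name.lower() and addr != known_addr:
            reasons.append(f"display name {display!r} belongs to {known_addr}, not {addr}")
    return reasons
```

In Microsoft 365 the same idea is available without code as a transport rule or Defender anti-phishing "users/domains to protect" entry for the partner; the script shows what such a rule is actually evaluating so you can tune the threshold for your own partner list.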