Yeah, this has been a common attack since as early as I can remember. Company goes bust? Wait for their domain to expire, then register/catch-all and start seeing what mail you get from websites to see where there are accounts using that domain. Also plenty of more targeted methods too.