It is an organization of 6. 4 of which are guests (so would likely not incur a charge without asking, or at least mentioning it). But the theory somebody clicked by accident is pretty good.
I think of this more as pushing back a bit and warning others.
What you encountered here is a dark pattern, but not the way you think it is.
They try to upsell a feature, but because it is a B2B SaaS product, the users are not the ones holding the credit card.
So, to upsell they have to get through your users to the admin / license owner. They prominently display a shiny feature, sometimes leading the users there through misdirection. Then they call for action: you need to request a bigger license, go ask your admin!
And of course, someone thought it is a good idea to add a button, which sends a templated email to the primary address to reach the person with the credit card.
This notably does not count as a marketing communication, so they can just send it even without explicit permission given prior.
So yeah, someone in your team probably triggered it, likely without knowing because they were misled.
I think of this more as pushing back a bit and warning others.