Think 10s of thousands, and yeah, that was my presumption. I don’t use anything that looks remotely like a word or phrase anymore. Not for a long time. But I bet there are people out there, bless them, that do. And those are the marks these scammers are looking for.
I imagine they write a very common password and between the hundreds of potential victims there will be someone who actually uses it
They can also pull from breach lists. If xyz hacker posts a list of email and passwords online you’ve got a pretty good starting point.
Think 10s of thousands, and yeah, that was my presumption. I don’t use anything that looks remotely like a word or phrase anymore. Not for a long time. But I bet there are people out there, bless them, that do. And those are the marks these scammers are looking for.