Attackers might first try to obtain a list of usernames through social engineering. They can pose as a new Wells Fargo employee who has a Temple degree and reach out to other Temple-grad employees. Attackers may be able to determine how usernames/emails are structured through this contact. They can derive a list of possible usernames by using LinkedIn and try to brute-force the password.
Wade Mackey says
Nice work. Any thoughts about what an attacker might do with the 401k login?
Loi Van Tran says
Attackers might first try to obtain a list of usernames through social engineering. They can pose as a new Wells Fargo employee who has a Temple degree and reach out to other Temple-grad employees. Attackers may be able to determine how usernames/emails are structured through this contact. They can derive a list of possible usernames by using LinkedIn and try to brute-force the password.