For cybercriminals to attack user accounts, they first need to know that those accounts exist. Here are some of the ways that they discover them.
At a really basic level there are only two primary types of user accounts in use: enterprise accounts, used by people who work for businesses or organisations, and private accounts. I realise I’m massively oversimplifying things, but I think it’s a reasonable abstraction at this stage.
Enterprise accounts tend to come in large groups within the same domain, for example John Smith <[email protected]> and Jane Doe <[email protected]>. Their accounts are probably created and managed centrally through something such as Microsoft Active Directory and Exchange or Google’s G Suite. The one thing they have in common is that all of the account holders work for the same entity.
Private accounts, on the other hand, are generally created by individuals when they sign up for services for themselves. Some examples are a Google Gmail account for email, a Twitter account, an Instagram account, PayPal, eBay, etc. While many users may share the same @ServiceProvider.com email domain, they don’t know each other, don’t work for the same entity and, on the whole, have no relationship with each other other than the fact that they’re both users of the same service.
[Image: one box of linked people (enterprise accounts) versus multiple boxes of unlinked people who only share an email provider (private accounts). Hierarchy of accounts.]
When working in cybersecurity, we’re either trying to protect the people who work for our organisation, or we’re trying to protect our customers and suppliers. Even bug bounty hunters are trying to protect an organisation, however loosely affiliated with it they may be.