(also password spraying attack, low-and-slow brute force attack)
A brute force attack that tries one popular password against many accounts instead of trying many different passwords against one account. Because each account sees only a few unsuccessful attempts, password spraying avoids account lockout, letting criminals operate undetected.
Attacking company networks with predictable username conventions (such as name.lastname)
Attacking username lists obtained on the Dark Web
Attacking IMAP servers to spy on the email of higher-ranking staff
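Since a spray stays under per-account lockout counters, the detectable signal is one source failing against many distinct accounts with only a try or two on each. The following is an added detection example, not part of the original entry; the log format, addresses, usernames and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log; format and thresholds below are assumptions.
SAMPLE_LOG = """\
2024-03-01T09:00:00 FAIL user=anna.berg src=203.0.113.7
2024-03-01T09:20:00 FAIL user=ben.cole src=203.0.113.7
2024-03-01T09:40:00 FAIL user=cara.diaz src=203.0.113.7
2024-03-01T10:00:00 FAIL user=dan.eke src=203.0.113.7
2024-03-01T10:20:00 FAIL user=eva.fox src=203.0.113.7
2024-03-01T09:05:00 FAIL user=gil.hart src=198.51.100.4
2024-03-01T09:05:10 FAIL user=gil.hart src=198.51.100.4
2024-03-01T09:05:20 FAIL user=gil.hart src=198.51.100.4
2024-03-01T09:05:30 FAIL user=gil.hart src=198.51.100.4
2024-03-01T09:06:00 OK user=ida.jung src=192.0.2.10
"""

def parse(log):
    """Yield (time, outcome, user, source) from each log line."""
    for line in log.splitlines():
        ts, outcome, user, src = line.split()
        yield (datetime.fromisoformat(ts), outcome,
               user.split("=", 1)[1], src.split("=", 1)[1])

def detect_spray(log, window=timedelta(hours=2), min_accounts=5, max_per_account=2):
    """Return sources whose failures hit many accounts, few tries each, in one window."""
    fails = defaultdict(list)
    for ts, outcome, user, src in parse(log):
        if outcome == "FAIL":
            fails[src].append((ts, user))
    flagged = {}
    for src, events in fails.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            per_user = defaultdict(int)
            for ts, user in events[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            # Spray signature: wide across accounts, shallow on each one,
            # so no single account reaches a lockout threshold.
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                flagged[src] = sorted(per_user)
                break
    return flagged

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

The source that hammers a single account is left to ordinary lockout handling; the window has to be long enough to catch attempts spaced many minutes apart.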