Discover target logon/email address format

Email addresses, logon credentials, and other forms of online identification typically share a common format. This makes guessing other credentials within the same domain easier. For example if a known email address is it is likely that others in the company will have an email in the same format. [1]

ID: T1255
Sub-techniques:  No sub-techniques
Tactic: Technical Information Gathering
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Easily determined and not intended to be protected information. Publicly collected and shared repositories of email addresses exist.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Scraping of known email addresses from the target will likely reveal the target standard for address/username format. This information is easily discoverable.


  1. Rotem Kerner. (2015, October). RECONNAISSANCE: A Walkthrough of the “APT” Intelligence Gathering Process. Retrieved March 1, 2017.