A company I know of has a password policy that requires employees to change passwords (on AD server) every 90 days. The vast majority of its new hires start on the 1st of the month. Thus, several hundred password resets happen on a predictable schedule. My intuition tells me that this is tactically valuable information to an attacker (I am an infosec noob).
An attacker could enhance the standard "reply to this with your password" phish with a "reply to this with your password because it is time to change your password" phish. The latter seems less suspicious because the person who wrote the message knows about the password reset policy.
Are there any other attacks enhanced or made possible by a predictable password reset schedule?
I realize that (by the pigeonhole principle) every sufficiently large enterprise with a forced password change policy will have a lot of same-day password changes.