I experimented by creating a fake WordPress Login form to see if people/bots would use it. This is what happened after a week.
I implemented the fake form November 25, 2021 and set a reminder to check it a week later. (mainly because I didnt want to chance getting bombarded by email notifications)
This is the form I created using WPForms. I think it looks pretty close to the real login form.
I checked the entries and I received 64 of them, all form Moscow, RU.
There are many bots out on the internet doing this same thing from all over the world, this is just once instance. Make sure you are using strong passwords.