This technique is commonly used to bypass two-factor authentication. The attacker obtains a victim’s personal information through a phishing scam. Details such as the address, mobile telephone number and banking pin are collected. The attacker then socially engineers an employee at the victim’s mobile phone company into redirecting their calls and texts to a SIM in their possession. Once this has been achieved, the attacker now has access to the one-time verification codes that are sent by banks before payment transfers. The attacker can now redirect funds from the victim’s account to any account of their choosing.