This is a bit hard to follow, but it is a pretty ingenious scheme. In a nutshell, the scammer sets up a pay phone line, a phone number that people have to pay to use. They then use that number as a verification number with Google, Facebook, Microsoft, etc. and take an action which causes that number to be called.

By automating the process, they bring in a nice little wave of money. That’s the theory, anyway. This was pieced together by a security researcher who raised the issue to get companies to put barriers in place to prevent this hack.