I don’t know if I’m just really tired or if the post was just badly written, but I’ll go with the latter since you were confused too.
My understanding is this happened:
1. Attacker got a hold of Mitch’s bank card, PIN, and some personal details.
2. Attacker starts pulling out money and buying things here and there to see if Mitch ever notices.
Mitch never notices so...
3. Attacker calls Mitch on Friday and pretends to be Mitch’s bank. Attacker doesn’t ask for any details, just alerts Mitch that something was going on with his account to get him to think the bank was looking into it.
4. Attacker calls Mitch’s bank and also Mitch at the same time the next day.
5. Attacker asks the bank to send the SMS verification code to Mitch.
6. Mitch gets the code and reads it back to the Attacker.
My understanding is this happened:
1. Attacker got a hold of Mitch’s bank card, PIN, and some personal details.
2. Attacker starts pulling out money and buying things here and there to see if Mitch ever notices.
Mitch never notices so...
3. Attacker calls Mitch on Friday and pretends to be Mitch’s bank. Attacker doesn’t ask for any details, just alerts Mitch that something was going on with his account to get him to think the bank was looking into it.
4. Attacker calls Mitch’s bank and also Mitch at the same time the next day.
5. Attacker asks the bank to send the SMS verification code to Mitch.
6. Mitch gets the code and reads it back to the Attacker.
7. Attacker repeats code to the bank.