by veen

As soon as the attacker has your email address, a process on their server logs into your email provider as you and initiates an "I've lost access to my email" password reset process.

From then on, every question in your signup process for the attacker's service is actually a password reset question from your email provider.

Sadly, it's quite clever.