Phantom account

An account opened on a third-party commercial service using a target's phone number as the contact identifier. The target receives verification codes, transactional SMS, and notifications, but does not own the account and cannot access it.

Also known as: phantom registration, ghost account, customer impersonation, number-as-identifier injection
The formal term: Account registration using a non-consenting third party's identifier as the contact channel.
Overlay / cover: ordinary clerical mistakes (mistyped digit at signup); ordinary SIM-swap aftermath; ordinary number-recycling collisions from a previous owner.

Tactic entry to be written. Sections to fill in: definition + mechanism, how it looks on the receiving end, what it produces (the database edge), why it matters (long-term identity-binding distinct from hop seeding's transient metadata edge), the deniable overlays it rides on (mistyped digit / SIM-swap aftermath / number recycling), and defensive posture.

Where this appeared in the storm

Hop seeding — the related but distinct contact-graph injection family