Assuming reasonable levels of competence on the part of the service, which scenario seems more likely for the average user:
1.) Some unexpected glitch occurs (could be the user's fault or could be the company's), and the user's ability to access the service is temporarily interrupted until a human is able to investigate and resolve the problem.
2.) The user is specifically targeted by a malicious actor performing a SIM swap and/or social engineering attack.
I'm not really a gambler, but if I'm forced to guess, I'd say #1.
EDIT: clarify initial assumptions