Similarly to classic account hijacking attacks, the attacker's goal is to gain access to the victim's account. However, if the attacker can create an account at a target service using the victim's email address before the victim creates an account, the attacker could then use various techniques to put the account into a pre-hijacked state. After the victim has recovered access and started using the account, the attacker could regain access and takeover the account.