▲ | PeterStuer 16 hours ago | |
For non-Belgians, ItsMe is an identity/digital signature/2FA app used almost universally in banking, ecommerce and gov in Belgium. The 'attack' is getting the victim to confirm the identity or signature for you through social engineering them to initiate the setup of a parallel session. This is possible for implementations of ItsMe that only rely on phone number/application, and do not validate the actual session, e.g. by having the user scan an in-session QR code.
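The difference between the two flows described in the comment above, as an added example that is not part of the original comment and is not the itsme API: a toy broker where an approval is matched either by phone number alone or by a QR value rendered only in the initiating browser session. The `Broker` class, its method names, the session labels and the phone number are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

PHONE = "+32-000-constructed"  # constructed sample value


class Broker:
    """Hypothetical identity broker used only to contrast the two flows."""

    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._req = {}  # request id -> {"phone", "browser", "approved"}

    def start(self, phone, browser):
        rid = secrets.token_hex(8)
        self._req[rid] = {"phone": phone, "browser": browser, "approved": False}
        return rid

    def _tag(self, rid):
        return hmac.new(self._key, rid.encode(), hashlib.sha256).hexdigest()

    def qr_for(self, rid, browser):
        # The QR value is rendered only inside the session that started the request.
        if self._req[rid]["browser"] != browser:
            raise PermissionError("QR is only shown in the initiating session")
        return f"{rid}.{self._tag(rid)}"

    def approve_by_phone(self, phone):
        # Weak flow: every pending request for the number is confirmed,
        # whichever browser session started it.
        hit = [r for r, v in self._req.items() if v["phone"] == phone]
        for rid in hit:
            self._req[rid]["approved"] = True
        return hit

    def approve_by_qr(self, phone, scanned):
        # Session-bound flow: only the request whose QR was scanned is confirmed.
        rid, _, tag = scanned.partition(".")
        req = self._req.get(rid)
        if req is None or req["phone"] != phone:
            return []
        if not hmac.compare_digest(tag, self._tag(rid)):
            return []
        req["approved"] = True
        return [rid]

    def is_approved(self, rid):
        return self._req[rid]["approved"]


def demo(session_bound):
    """Return (own_session_approved, parallel_session_approved)."""
    b = Broker()
    parallel = b.start(PHONE, "browser-B")  # session the user never saw
    own = b.start(PHONE, "browser-A")       # session on the user's own screen
    if session_bound:
        b.approve_by_qr(PHONE, b.qr_for(own, "browser-A"))
    else:
        b.approve_by_phone(PHONE)
    return b.is_approved(own), b.is_approved(parallel)
```

With phone-only matching the confirmation also lands on the parallel session; with the in-session QR it is bound to the session the user is actually looking at.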