I also feel like the article doesnt completely explain what happpened. Where is this code from?

Did they send the fake legal email and at same time trigger a recovery code to be sent?

Is this like the same thing in discord where they ask you for your email to join a server then ask you for a code sent to verify you own that email but really they submitted the email for password reset. The victim doesn't realize it's a real recovery code sent by Microsoft, etc instead in the moment thinking it is a "discord code". Once you submit the code in discord they have your account stolen in seconds.

Is this what the article is attempting to describe?