Weekend SIM-swapping blitz targets US cryptocurrency holders

mostlysignssomeportents:


SIM swapping attacks involve tricking or bribing a phone company into assigning someone else’s phone number to you; once you have the number, you can intercept SMS-based two-factor authentication messages and use them to take over accounts.

Though SIM-swapping is laughably easy (thanks to lax security in the mobile phone industry), it’s still not fully automatable, and so SIM-swapping attacks usually target higher-value accounts, such as valuable social media handles, domain takeovers, and cryptocurrency wallet hacks.

Last weekend, parties unknown launched a wave of SIM-swap attacks against US cryptocurrency owners, succeeding in some cases, with at least one $100k score.

Some of the targets were saved by their use of hardware tokens or mobile apps for their two-factor authentication. 2FA is generally very effective, even against targeted attacks; using a separate app or token is an extremely powerful form of security.

https://boingboing.net/2019/06/10/use-2fa-apps.html