Firstly, I strongly recommend activating Two-Factor Authentication wherever possible but can I suggest utilising one of the Authenticator apps rather than standard SMS just in case you fall victim to the SIM swap scam.
The SIM swap scam exploits the ability to seamlessly port a phone number to a device containing a different SIM; as a feature, this is normally used when you have lost or had your phone stolen or when you upgrade your device or change to another phone.
Fraudsters will gather personal information about their victim, either by use of phishing emails, buying them from the dark web, or by socially engineering; then they contact the victim's service provider and use their well-honed social engineering techniques to convince the provider to port the victim's phone number to the fraudster's SIM. This could be by impersonating the victim, using the previously obtained personal details, to appear authentic, claiming that the phone has been lost. In some cases, this fraud could involve service provider employees coerced or bribed by criminals.
Once the number is ported, the victim's phone will lose connection to the network, and the fraudster will then receive all the SMS and voice calls intended for the victim. It maybe some time before the victim realises this has happened allowing the fraudster to intercept any one-time passcodes sent via SMS or telephone calls; circumventing many two-factor authentication methods, including bank and social media accounts, that rely on SMS or telephone calls.
Since so many online accounts allow password resets with only access to a recovery phone number, the SIM scam fraud allows access to almost any account tied to that number; this may allow them to directly transfer funds from a bank account, extort the rightful owner, or sell account information on the dark web for identity theft.
One last recommendation, ensure your mobile device has a 6-digit passcode that is not your date of birth; you may well chuckle!
These days, it’s not a matter if your password will be breached but when...They are part of the online experience associated with modern cyber life.