There are three main ways people have their money stolen and the biggest one is sim swapping. In order to explain sim swapping, it is first necessary to understand how cell phone works.
When you connect to your carrier’s cell phone network, there is a little chip inside your phone called the sim-card. Every sim-card has a unique id and your carrier knows when this sim card connects to your network, so they should route that phone call to the dialed phone number.
A sim swap is when an attacker will call your cell-phone provider and pretend to be you. And typically, they’ll change it to a sim-card that the attacker themselves control. So now all of a sudden, if you receive a text message at your phone number, it’s not going to go to your phone. Instead it will go to the attacker’s phone
Typically, the motivation of an attacker for doing this is to receive things like two-factor codes. And when you become the victim of the sim-swap in any way that you use SMS or two-factor authentication could potentially be at risk. And if your account is only protected with SMS, and you’ve been sim-swapped, then you have been completely pawned.
The reason why it’s a big issue is because if you have only SMS to protect your account, the attacker will eventually have your two-factor code, and now they’ll be able to access any account that’s only secured with your SMS.
To avoid that, you must always add a secret code to your account depending on your cell provider. Which then somebody won’t be able to switch your sim unless they have that code.