Good luck tapping into mine. I don't keep any sensitive OR any other data info of importance on my Silly (smart?) phones. If you're already used to Windows' Swiss cheese approach from Win 98 you likely prepared for this a long time ago.
Do you use your phone for 2FA for your accounts? If not, then this kind of attack wouldn't work with you.
If your phone is used as 2nd factor, it could be attacked this way. I don't know why service provider agents transfer phone numbers to new phones without proper identification.
Then having cell service with an obscure MVNO that 99% of the public doesn't know about could be an additional layer of protection.
Yes, security through obscurity. You can also use a burner phone that is used just for 2FA and nothing else.
The phone number is the one being hijacked, not your phone. Doesn't even have to be mobile, could be landline, VOIP, etc. The only surefire way to be secure from this is to not use that phone number for any account creation/identification/recovery purposes. 2FA doesn't matter in this case as long as your account is associated with that phone number.
Good point and well taken. And also I NEVER use that number when asked every time they peddle that crap of "add your mobile number for better security". They can kiss my SD card in the rear. Ain't happening until these telecoms learn to act like they have an ounce of what they sorely lacked for much too long. Responsibility to their customers who fill their coffers while they throttle the hell and rob them of Bandwidth. Long timers like some of us already anticipated the implosion and lack of protection from these very carriers who carry our luggage (data) with these devices.
It is the same most places, even real-life workplaces. You act friendly and nice, be patient and provide minimal basic information (e-mail address, phone number, maybe date of birth) and you're all set. People want to be helpful so they do not want to waste your time, and they do not expect a hacker to really call them up. Sad truth :/
I agree, make sure to use a separate e-mail which is never shared for things like PayPal too! Do not link your normal phone to the PayPal account, as customer service can find the account via that phone number. But use the secondary, not shared number for the account. Because while phone service providers may be bad with social engineering to give an attacker control, banking like PayPal are far from perfect too!