Brian Krebs has a good article about his interview with the REACT Task Force about SIM swapping (a way to intercept SMS auth codes) thefts.
A few choice bits:
Brian in a comment:
“I think it’s important to view the activity in this crime space as a glimpse of what’s to come, as something that will soon be visited on a broader range of victims — if indeed it is not already. Forewarned is forearmed, yes?”
“More importantly, he says, the frequency of SIM swapping attacks is…well, off the hook right now.”
“SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space. This includes people who run or work at cryptocurrency-focused companies”
“Tuttle said it’s important for people to use something other than text messages for two-factor authentication on their email accounts when stronger authentication options are available. He advises people instead use a mobile app like Authy or Google Authenticator to generate the one-time code. Or better yet, a physical security key if that’s an option.”