Identity thieves are porting users’ mobile phone numbers to devices under their control in order to hijack their web accounts.
This type of attack begin when hackers call up a mobile service provider. Using a bit of social engineering, the bad actors convince an agent at the provider to transfer control of a target mobile phone number to a device under their control. As many web accounts require users to input their phone numbers for identity verification, the attackers can then use the hijacked phone number to reset the passwords for the victim’s accounts like their Gmail or social media profiles.
Full article here.