From securityaffairs.co
Crooks conduct SIM swapping attacks to take control of victims’ phone numbers tricking the mobile operator employees into porting them to SIMs under the control of the fraudsters. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones.
In the case investigated by the Spanish authorities, the cybercriminal obtained personal information and bank details of the victims through malicious messages in which they posed as their bank.