Ryan McGeehan @Magoo
Here's how "SMS Intercept" works in practice. *Anyone* walks into *any* retail cellular store in the world, tells an employee to move *your* number to a new SIM.

The employee *verifies* that person. Your SMSs now go to a new phone.

That's just one way.
Another way: Someone calls a phone company and says "I want to move my (read: *your*) number to this other carrier"

Your SMSs now go to a new phone.

That's one other way.
Another way: You use a web-based SMS app or service, or have them forwarded to your email inbox.

Someone gets access to that, because you re-used the password for that with everything else.

That's yet another way.
In one incident I worked last year, the cell phone company revealed that about ~70 attempts to social engineer a customer support rep occurred within 48 hours.
Attacks against cellular infra aren't ever seen in common incidents. Your SMSs will be "intercepted" by a social engineer targeting the customer support team at your cell phone company, or via PW reuse, or by some other facepalm method.
Lastly - some sort of phishing attack that asks you to enter your SMS code. We're already very familiar with this, but in my incident coverage over the past couple years, I see customer support attacks more frequently.
For those who will say "but they verify ID and signature". In practice, if you call a distributed, scaled customer support team, you only need one employee to be untrained, gullible, new-at-job, or an insider. It happens enough where it's a clear trend in my incident workload.
I planned on writing a Medium on this for scrty.io a while ago but I abandoned it. Here is some of my online research of "bad employees at cellular companies" you can trawl through. gist.github.com/magoo/db5cd518…
Just one gem from that list:

"The Federal Communications Commission has entered a $25 million settlement with AT&T Services, Inc. to resolve an investigation into consumer privacy violations at AT&T’s call centers in Mexico, Colombia, and the Philippines."