There are also measures that can be taken when using SMS based MFA, via services that check if the SMS is forwarded to a burner phone, or do a SIM check with the phone.
In addition the SMS based MFA services should be leveraging fraud score and number deactivation checks for the target numbers to catch the most obvious fraud scenarios.
Not sure a lot of the companies providing these services actually do that though. And all-in-all, non-SMS based MFA is going to be better anyway.
Not sure a lot of the companies providing these services actually do that though. And all-in-all, non-SMS based MFA is going to be better anyway.