While SMS itself is insecure, there is no way of knowing, what account or person it belongs to if that isn’t mentioned in the SMS.
Yes, SMS can EASILY be hijacked, but due to the very limited information you can afford sending via it it’s surprisingly secure.
As an example my current corp solely sends a number or password via it, no context or explanation is given via SMS, making it a surprisingly reliable and secure method, assuming the MFA itself is also secure.
If you’re targeting a specific individual, cloning their SIM or performing another number hijack or even intercepting their SMS in flight, are all viable.
For broader, more general attacks SMS is usually enough to keep anyone out.
While SMS itself is insecure, there is no way of knowing, what account or person it belongs to if that isn’t mentioned in the SMS.
Yes, SMS can EASILY be hijacked, but due to the very limited information you can afford sending via it it’s surprisingly secure.
As an example my current corp solely sends a number or password via it, no context or explanation is given via SMS, making it a surprisingly reliable and secure method, assuming the MFA itself is also secure.
Spear phishing disagrees with you.
If you’re targeting a specific individual, cloning their SIM or performing another number hijack or even intercepting their SMS in flight, are all viable.
For broader, more general attacks SMS is usually enough to keep anyone out.