If you use SMS and the mobile number as the sole account recovery process more and more of these attacks will happen. Even if you use it you need to combine it with other methods even including static passwords. The same goes for mobile number based logins.<p>The best is to not use SMS as a 2FA method as well.