Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.
Threat actors can easily steal one-time passwords sent by text when they conduct a SIM swap attack. This can lead to account takeovers, so users must layer up their security measures.
June 22, 2026
Torsten George, chief cybersecurity evangelist at ID Dataweb, Inc., felt helpless as he sat with his personal cell phone up to one ear and realized he was in the throes of an active attack. The person on the other end claimed to be an AT&T customer service representative looking to give George a discount for being a loyal customer. But it didn't take long to recognize that the “representative” was a threat actor with inside information on George's account history, derived through social engineering.
Following his own investigation later on, George determined a SIM swap attack occurred two weeks prior that allowed the threat actor to intercept George's OTP through his text messages. But they needed his passcode – the second layer of security – to gain unauthorized access to his AT & T account, hence the call.
