they sent phishing links thru sms and also do sim swaps. They hijack the phone number by connecting it to another sim card. They also have people work at the providers that give them access to these numbers. I'm in those groups so I'm not talking out of my ass.
yes? just knowing a phone number is enough to log into a non-2fa google account if you know the pass, plus it can be easily triangulated to a real-world address
exactly. And not only that, people who work at telecom providers sell illegal services to whoever wants to pay. They give you access to anyones numbers for money.