Another common attack facing individual holders is SIM hijacking. In this attack, the attacker convinces the phone company to port the target’s phone number over to another phone (or they pay off someone inside the phone company to do it). Since many websites use SMS to recover accounts when the password is lost, an attacker with control of the target’s phone may be able to access some of their accounts.