People often ask me what's the difference between multifactor options, such as the ability to receive an SMS text message vs having a smartphone app that generates the unique code. And indeed, as in two-factor authentication (2FA) vs two-step verification (2SV), there are some fundamental differences - mostly related to whether you can get the code on the same device that you’re logging into. But this post is not about teasing out those nuances. It’s about how fraudsters think outside the box, literally.

In this video, Jim Browning exposes a method used by criminal organizations to steal expensive phones, but it could equally well showcase any other form of identity theft triggered by an SMS/text message, from your bank account's recovery code to the hijacking of utility bills and other login methods.

Click to watch referenced video: How scammers steal iPhones - YouTube