…“SIM port attack”, however, is a malicious port performed by an unauthorized source — the attacker. The attacker ports your SIM card to a phone that they control. The attacker then initiates the password reset flow on your email account. A verification code is s…
Actually this isn’t accurate. The attacker ports the mapping of your phone number from your sim card under your control to the attackers sim card under their control.
Other than this detail your story is correct and I still feel that you did a really good job to educate the public. But in your infographic you need to have:
###-###-#### = your phone number
This is what the attackers actually gain control over so that when google sends a text to your phone number it goes to the attackers SIM instead of your SIM which is no longer associated with your phone number.
Your SIM is dead and doesn’t get that text. The attacker gets the account recovery text sent to his phone instead and resets your account password and hijacks your account.