Actually this isn’t accurate. The attacker ports the mapping of your phone number from your sim card under your control to the attackers sim card under their control.

Other than this detail your story is correct and I still feel that you did a really good job to educate the public. But in your infographic you need to have:
###-###-#### = your phone number

This is what the attackers actually gain control over so that when google sends a text to your phone number it goes to the attackers SIM instead of your SIM which is no longer associated with your phone number.

Your SIM is dead and doesn’t get that text. The attacker gets the account recovery text sent to his phone instead and resets your account password and hijacks your account.

Written by

Incentives architect for TandaPay

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store