Well, I've always chosen the 2FA OTP application route. Glad I always click "Use App" where possible despite many services warnings of "Use your phone number! It's safer!".
But with that said, in this modern age, it's relatively simple to add extra security for a sim card holder to prevent this. They should do more to stop this.