As a computer scientist, I came to add more weight to what several others have said. The best advice is to use an Authenticator App or a physical security key, like a Yubikey.
The way these “SIM swap” operations work is like this: they somehow obtain your username and password to a particular website. But, the two-factor authentication (2FA) prevents them from logging in as you. So, they research and find out who you are, ultimately obtaining your cell phone number. If they can convince your carrier to transfer your number to a new phone, they can then intercept your texted 2FA codes. There is some speculation that these may even be “inside jobs”, where people get hired at the cell carriers just to help an organized crime-ring to co-opt people’s phone numbers.
An Authenticator App or security key thwarts this whole operation. Whenever possible, do not rely on texting as your 2FA. Security keys are the highest form of protection. I’m a bit shocked at how many financial institutions still do not offer authenticator apps as an option.