Plenty of cases when the provider has actually done the swap themselves, personally know someone who had this happen. That's why I don't use e-SIM cards, they're very risky. The attacker does not need a phone, there's websites that offer such services online.How would that work? The attacker would activate the same number on their own phone?
Why isn't that a problem with physical sim cards? You can have additional physical SIM cards as well?