Tonight, one of my credit cards was used by a scammer for a small amount of money. I saw the transaction via text and immediately called the card company. All good on that front. But the disturbing thing was that this scammer had access to or had spoofed my Google Voice number, because immediately following the text notification from my credit card company, they texted as me, from my number, to disable card use notifications. I saw that as well.

I am not concerned about the credit card. I am concerned about how they were able to do that. I immediately changed my Google password but I don't know how they got in. The account did not show any other devices active or anything like that.

I do use my Google Voice number as 2FA for some things. I'm now realizing this is a security risk. But I also travel internationally and don't always have cell service.

Best practices here? Thank you!