Sim-cloning is a very popular technique for this, but it is far from being the only commonly used technique to get around SMS-based 2FA.
2FA through SMS isn't safe, and while it is better than no 2FA at all, it is just barely better than none. If you are curious to find more info, there is a lot of writing that has been done on this topic. I am very impartial to Brian's writing on security topics, and he has at least one post regarding SMS-based 2FA [0].
A number of online services I use send SMSs as a form of 2FA. Apparently this is not entirely safe.