For me, it’s that I’ve stopped answering the phone altogether for numbers that aren’t in my contacts. And lately I’ve been deleting messages w/out even listening to them. I’m sure I’ve missed legitimate calls, but I don’t care. The spammers/scammers have poisoned that well.
It seems like something should be better than nothing, but I’m increasingly less convinced of that with respect to SMS for two-factor authentication. It makes some of your accounts more secure, but it also makes your phone number that much more of a rich target, and puts you in the position of relying on your wireless carrier not to give the game away. Or maybe I’ve just read one too many sim-swapping horror stories?
That being said, I’m definitely not a security expert. I do have to think about such things at work, however, and I find that the hardest part is trying to evaluate the relative risks when you have more than one option for mitigation, and those options have wildly different costs. It’s one thing to understand how an attack might work, but trying to figure out how likely you are to get burnt is a whole other realm of uncertainty.