Sim Hacking is now a thing to get around MFA but it wasn't as popular in 2014. Call up the telecom provider and use the same approach. Leverage Googleable info of the target person and use that as answers to the customer support reps questions.
SMS is not a second factor, despite many companies pretending that it is. I am alarmed at the number of large companies (especially banks!) that just blindly and stupidly follow the outdated advice of using SMS messages as 2FA.
So, MFA is great, if it is really multi-factor: TOTP through Authy or Google Authenticator, U2F or WebAuthn through a hardware key like a YubiKey.
Sim Hacking is now a thing to get around MFA but it wasn't as popular in 2014. Call up the telecom provider and use the same approach. Leverage Googleable info of the target person and use that as answers to the customer support reps questions.