As Bruce Schneier recently pointed out, MITM attacks are now much more common, and likely to become widespread.
Now, if they used that cell phone message to authenticate the exact transaction you are performing, you'll be much more secure.
Of course, if it's too easy to update the cell phone number, all bets are off.
Where's the 'delusional' mod when you need it?
Beware of the Turing Tar-pit in which everything is possible but nothing of interest is easy.