Hmm, the only time I've ever heard of an account getting compromised after receiving a link is if they clicked the link and entered their information. That's the only way the scammers can get account credentials.
If someone did happen to compromise an account and attempt to transfer all banking details to their own bank, we'd have all the necessary information to take the appropriate actions against them. Not only do we have measures in place to avoid this (name changes and banking information changes may trigger additional verification requirements) but if they were foolish enough to put in their actual payment information their true nature would be exposed right away. Think of those ink detecting tags added to clothes at a store - a scammer compromising an account and adding their payment info would be like a thief breaking one of those tags then waiving at a store manager with ink-covered hands on their way out. It would just bring attention to their scam.
Thieves have been using the "SIM Swap" method for over 4 years and can use a network of stolen bank accounts to reroute the funds and withdraw funds.
Once the funds have been routed to an out of the country bank (hint: somewhere with no extradition treaty with the US), wear a "hoodie" backwards, goto to an atm, and withdraw the cash.
Realistically, it takes time and effort for this type of scheme, so thieves are only going to target "seller" accounts that rack up at least 6 figures in sales/month.
Google the following without the quotes:
"sim swap wiping out bank accounts"
As of today, NONE/ZERO of the US based mobile phone service providers have any active security measure to defend against the cloning of the IMEI/MEID/pESN numbers. Just think of the amount of information that is sent/received from your phone.