It's pretty straightforward to me at least what needs to be done. Add 2fa sms authentication and restrict trials to one per phone number. It's less easy to get new phone numbers.
And most 2fa security doesn't use sms any more. It's an insecure option - forcing it sucks for the legit customers. But if you don't force it, then one can bypass the sms and thus no longer need a phone number. Or you can try to force sms on first login, _then_ allow the move to use an OTP app.
And even with this, what happens if the company simply shares the company phone, authenticates, then removes the phone and switches to OTP (for each time, or each user)? Unless a phone number cannot be used twice... which means you have to keep storing it, and handle the support requests when a number is legitimately recycled (and how do you differentiate that?)
Offering something that is quite full featured for free (even as a trial) will get it exploited; it's only going to increasingly be the case going forward. The internet is hostile, and getting more hostile.