
I don't think the e-mail in the article is very obviously a 2FA code? I usually associate 2FA with something I use to log in somewhere; not to do some other operation which (presumably) already requires account access. To me, it looks like a Wells Fargo Apple Pay "Verification Code", which honestly could mean anything.

There are other signs, obviously. You could ask the question of, why is the e-mail asking me to enter the code myself while the customer support rep is asking me to provide it over the phone? But as you well know, the author also asked that question, and arrived at a plausible enough sounding answer.

Regarding that last sentence: I have actually skimmed the e-mail many times now, and only when looking at it again to try to understand what you meant by "even that very email contained a reminder not to tell it to someone on the phone" did I actually see that part. I suppose I just started reading the standard "if you have questions call us on this number" text and skipped the rest of the paragraph. Brains are very good at extracting what they think is the relevant information and ignoring what they think is the irrelevant information, especially when in an active social interaction with another person who expects something from you.

I think any technical person should be able to analyze a play-by-play description of the events and explain exactly how each mistake could've been avoided. But I think most technical people could've made similar mistakes if they were caught in a vulnerable state of mind. I think sharing these kinds of stories, where even people who "should" know better got scammed, is an important part of how we learn to recognize scams. I think the vitriol in places like this comment section plays a part in making people avoid sharing stories like this.


