Ew, bank fail. My bank will send me a 2FA code to my phone, it'll explain what it's for first. So the message will say 'you're trying to send $200 to xyz at date yxz. Enter this code'.
You'd then have to go to a screen on your computer with that particular transaction, find it, and enter the code. You don't suddenly get some kind of authentication pop up, and know to enter a particular code that authorises anything that isn't your password. That's the whole point of 2FA?
Beyond that, it's surprising that bank fraud still happens seeing as in most countries there are very strict KYC/AML requirements, meaning you can only open a bank acc with an ID in person, with a registered address. I got hit by this myself a while ago when I sent some money for an online purchase that never delivered. I was really bummed out, got scammed but thought at least I had an acc number with a name and address. I looked into it more and it turns out there's a big network of low-end criminals who will approach some 16 year old on his way home from High School. He'll have $50 on his account. Is given $100 straight up, and promised $200 additionally later on, in exchange for his debit card. Youth thinks 'why the hell not, got $50 to lose, just gained $100 and potentially more'. The criminal will use that bank acc to collect money, retrieves it from an ATM with the card, then disappears. Police investigation into the scam will turn up with a 16 year old unaware of the risk of 'identity theft' (weird semi-bs concept itself) who lent out his card and didn't understand the consequences. The criminal goes free without a trace.
Even contextual messages are game-able - the default text "enter your verification code" showing up on the website will likely catch a LOT of people, since they're thinking it's from the bank.
Extensions are Apps.
Without a meaningfully robust (and mandatory) security model and some basic security audits to prevent over-reaching security defaults/requests, you might as well be running Windows XP.
You'd then have to go to a screen on your computer with that particular transaction, find it, and enter the code. You don't suddenly get some kind of authentication pop up, and know to enter a particular code that authorises anything that isn't your password. That's the whole point of 2FA?
Beyond that, it's surprising that bank fraud still happens seeing as in most countries there are very strict KYC/AML requirements, meaning you can only open a bank acc with an ID in person, with a registered address. I got hit by this myself a while ago when I sent some money for an online purchase that never delivered. I was really bummed out, got scammed but thought at least I had an acc number with a name and address. I looked into it more and it turns out there's a big network of low-end criminals who will approach some 16 year old on his way home from High School. He'll have $50 on his account. Is given $100 straight up, and promised $200 additionally later on, in exchange for his debit card. Youth thinks 'why the hell not, got $50 to lose, just gained $100 and potentially more'. The criminal will use that bank acc to collect money, retrieves it from an ATM with the card, then disappears. Police investigation into the scam will turn up with a 16 year old unaware of the risk of 'identity theft' (weird semi-bs concept itself) who lent out his card and didn't understand the consequences. The criminal goes free without a trace.