The issue here is: when 2FA notification pops up? It must happen after the user enters Apple ID and password, and said website or application must send a login request to Apple, and then Apple triggers 2FA for users to confirm. Will that fake Apple ID website triggers 2FA login prompt, which depending on people's stupidity, could either tap allow or don't allow. For me, when I try to log in to my Apple ID from
https://appleid.apple.com from a browser that is not trusted, 2FA will trigger, as soon as I hit the arrow. Will that 2FA website triggers it? Or it is just a fancy keylogger that saves your entered Apple ID and password without triggering 2FA?
If someone could brief me on these details I'd be much appreciated.