You get an email, it says "hey some guy you know is sharing a google doc or whatever, you need to sign in"
Then you pick on the website whethere you use Office 365, Google Apps, etc
Next thing you know the doc says cannot be found, so you forget about it. Meanwhile all your information has been compromised and it starts sending out emails to your contacts list.
With 2FA there is no way to use your login information because the attacker cant get that second stage of info when logging in. From what I have seen those phishing attempts dont even attempt to collect it.
Of course, thats hardly the only type of socially engineered attack.
Good attacks definitely do get and pass that info through.