Here it is mentioned, in italian language a way to override MFA when a proper phishing email is sent to user that will redirect him to a similar website page (a.e. web bank)
End user will insert user and password. Immediately crimes will insert user and password on original website (a.e. bank).
User will receive email with temporary code (true), that will be inserted in duplicated page. Crimes will use this latter code on original webpage having full access on user account (a.e. bank)
So attention to phishing emails must be improved.
[Update 2022.06.27]
https://www.securityinfo.it/2022/06/27/phishing-supera-l2fa-con-app-microsoft-webview2/