Although I agree that in some cases SMS 2FA provides a false sense of security, this argument misses the economy of the attacks here. It's not that black and white.
Any attacks on phone numbers are spearphishing, almost by definition. Some form of identity fraud - no matter how easy it is for an attacker - must be performed in phone number stealing. Even if it's very easy, that's a significant cost for an attacker and not an easily scalable attack. I agree that SMS 2FA must never be presented as an effective means to thwart spearphishing, where attackers are willing to put in this effort.
Now in the real world, password reuse attacks are far more common, and a commonly bigger concern for a random online accounts system. SMS 2FA can be of really big help there.