
Do you really need a message like that? If you didn’t try to sign in but you get a notification, it’s pretty freaking clear what’s going on. Alternatively, if you just signed up for a new account, you should probably expect a message like that.



A common attack is to impersonate a trusted institution and ask for confirmation via an SMS code. The attacker is going through the lost-your-password recovery flow for 2FA, but pretends it's just for confirmation of identity. If they're smart they can even perform the attack twice and change the 2FA number for your account. If the code were accompanied by an explanation of the intent, it would mitigate the attack; that's why.
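The mitigation described in the comment above can be enforced server-side as well as in the message text: bind each one-time code to the action it was issued for, so a code the victim reads out for a "confirmation of identity" cannot be redeemed by an attacker for a password reset or a 2FA-number change. The following is an added example (not code from the original thread or from any real provider); the service name "ExampleCorp", the purpose labels, the message wording and the 5-minute lifetime are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical purpose taxonomy: every code is issued for exactly one of these.
PURPOSE_TEXT = {
    "sign_in": "sign in to your account",
    "password_reset": "reset your password",
    "change_2fa_number": "change the phone number used for two-factor codes",
}


def bare_message(code: str) -> str:
    """The weak form: a code with no stated intent.

    An attacker who phones the victim can describe this code as anything
    ("we just need to confirm it's you") because the text does not say what
    the code will actually authorise.
    """
    return f"Your verification code is {code}."


class OtpService:
    """Issues and verifies single-use, purpose-bound, time-limited codes.

    Codes are stored hashed and keyed by (user, purpose); a code issued for one
    purpose is never accepted for another, even if it is otherwise correct.
    """

    def __init__(self, ttl_seconds: int = 300, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock  # injectable for deterministic tests
        self._pending: dict[tuple[str, str], tuple[str, float]] = {}

    @staticmethod
    def _hash(code: str) -> str:
        return hashlib.sha256(code.encode("ascii")).hexdigest()

    def issue(self, user: str, purpose: str) -> tuple[str, str]:
        """Create a code for (user, purpose); return (code, message_to_send)."""
        if purpose not in PURPOSE_TEXT:
            raise ValueError(f"unknown purpose: {purpose!r}")
        code = f"{secrets.randbelow(10**6):06d}"  # 6-digit, CSPRNG-backed
        self._pending[(user, purpose)] = (self._hash(code), self.clock() + self.ttl)
        # Intent-bound message: states what the code does, how long it lasts,
        # and that staff will never ask for it. This is the assumed wording.
        message = (
            f"Your ExampleCorp code to {PURPOSE_TEXT[purpose]} is {code}. "
            f"It expires in {self.ttl // 60} minutes. If you did not request "
            "this, ignore this message. ExampleCorp staff will never ask you "
            "for this code."
        )
        return code, message

    def verify(self, user: str, purpose: str, code: str) -> bool:
        """Accept the code only for the purpose it was issued for, once, in time."""
        entry = self._pending.get((user, purpose))
        if entry is None:
            return False  # never issued for this purpose (or already consumed)
        code_hash, expiry = entry
        if self.clock() > expiry:
            del self._pending[(user, purpose)]
            return False
        if not hmac.compare_digest(code_hash, self._hash(code)):
            return False  # wrong code; leave the entry so the user can retry
        del self._pending[(user, purpose)]  # single use
        return True


if __name__ == "__main__":
    svc = OtpService()
    code, msg = svc.issue("alice", "password_reset")
    print(msg)
    # The attacker's second step in the comment above, trying to spend the
    # password-reset code on a 2FA-number change, is rejected:
    print("redeem for change_2fa_number:", svc.verify("alice", "change_2fa_number", code))
    print("redeem for password_reset:   ", svc.verify("alice", "password_reset", code))
```

The purpose binding is the part the message text alone cannot give you: even a victim who reads the code to a caller only hands over a credential for the one action named in the SMS, and a stored `(user, purpose)` key means the server refuses to honour it for anything else. A real deployment would also rate-limit `verify` to stop online guessing of a 6-digit code.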


Clear to whom? Have you ever worked with the average user?


It doesn’t matter how many notifications you give the average user, if that’s your argument.



