Two-factor authentication will not help to prevent fraud.
Hackers found a new way to access Google accounts. It does not hurt even enabled two-factor authentication, which adds a password to the SMS with a special code. It does not use malware, which is installed on the mobile device intercepts and SMS.
About the new scheme of hacking said in his Twitter co-founder service of cybersecurity Clearbit.com Alex Maccaw. According to him, users receive a message, allegedly sent by Google. It says that the user account tried to log in with a specific IP address and it can be an attacker. To suspend the account and prevent further attempts of hacking, you need to send the six-digit code by SMS, which will come soon.
The six-digit code SMS is actually a one-time code for two-factor authentication. It is sent in response to an attempted break-in Google account. With this code the user can confirm it’s really him. Similar methods are used today in banking accounts and other services.
To deal with a new scheme of work is a Scam: do not send to the attackers code. In any unclear situation, please contact their help support.