Phishing mails are always a thread.
You mean "threat" , right
Even if you have 2FA enabled in your account they are able to sign in in a way.
I disagree. Before signing in, most exchanges require users the 2FA. They still be needed your 2fa's secret key in order to import it in the app and to have access to the code.
Also, you should consider that the topic of the email is about activating 2fa which means?
They are targeting accounts who have deactivated 2fa. Possible process:
Send phishing email -> Victim clicked on the link , tried to login -> Username/Email and password trasmitted to Phisher -> Phisher quickly logins and withdraw the funds before the victim realizes that it's a phishing site or before it turns on the 2fa on the right page.
So please be carefull about the mails you receive.
My main tip for link provided in emails is to check the target url which can be seen when hovering the linked text. Target url is shown on the bottom left part of the browser. (chrome)