You Got Phished For Your Password
A good email or a malicious link that leads to a login page can always trick you. Always, always, always, always look at the full URL. Green locks and any other bells and whistles won't help you. But there is always a small chance that your DNS is being hijacked and the URL is right, in which case your browser will warn you that the site's HTTPS certificate can't be trusted. Long story short: use Chrome, listen to your browser, and think. It's happened to me, and it might happen to you. Just don't lose your email account or your password manager.
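To make "look at the full URL" concrete, here is an added Python example (not part of the original post) that pulls out the host a link really points to and checks it against the sites you log in to. The trusted list and every sample URL are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a hypothetical list of the domains you really log in to.
TRUSTED_DOMAINS = {"example.com", "example.org"}

def login_host(url):
    """Return the host the browser would actually connect to."""
    try:
        host = urlsplit(url.strip()).hostname or ""
    except ValueError:  # malformed URL, e.g. broken brackets
        return ""
    return host.rstrip(".").lower()

def check_login_url(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a link that claims to be a login page."""
    host = login_host(url)
    if not host:
        return False, "no usable host in URL"
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, "not HTTPS"
    if parts.username is not None:
        return False, "text before '@' is a decoy; real host is " + host
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return False, "non-ASCII or punycode host, possible lookalike: " + host
    for domain in trusted:
        # Exact match or a true subdomain; the trusted name must come last.
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host is not on the trusted list: " + host

# Constructed sample links, one per trick worth recognising.
SAMPLES = [
    "https://accounts.example.com/login",            # genuine subdomain
    "https://example.com.login-verify.test/signin",  # trusted name on the left
    "https://example.com@login-verify.test/",        # trusted name before '@'
    "https://examp1e.com/login",                     # digit 1 instead of l
    "https://xn--exmple-cua.com/login",              # punycode label
    "http://example.com/login",                      # right host, no HTTPS
]

if __name__ == "__main__":
    for url in SAMPLES:
        ok, reason = check_login_url(url)
        print("OK  " if ok else "STOP", url, "->", reason)
```

Only the first sample passes: in every other link the familiar name appears somewhere in the URL, but it is not the host the browser connects to.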
One of the biggest things you can do to avoid getting phished is to learn what a phishing attempt looks like. Read this: https://blog.malwarebytes.com/101/2017/06/somethings-phishy-how-to-detect-phishing-attempts/
Also, read this: https://ssd.eff.org/en/module/how-avoid-phishing-attacks
If you get a phish, there's a good chance other people are getting it as well, so you need to report it! Make sure you know how to report to your organization to protect everyone else!
Phishing and 2FA
Phishing still works if you give the attacker your 2FA credentials as well. Sorry.