Only a few weeks ago, someone tried to trick Nordeas Swedish customers into giving up their codes trough a phishing attack. That time the Swedish in the e-mail was so poor that it made receivers suspicious.
It still made the news, also here in Finland as Nordea is a large Nordic bank and the biggest bank in Finland. I was a studio guest in the evening news at one tv-channel and discussed the event.
Today I received a phishing e-mail "from" Nordea.fi, although this time in English. It links to a server in Poland (aai138.internetdsl.tpnet.pl) and holds a form where users are asked to list their unused codes (Nordea.fi uses singe-use sign-in codes and randomly choose confirmation codes from a large pool of codes).
The Server in Poland might just be a cracked home PC owned by some unlucky ADSL user. It seems the page has been set up on a number of computers around the world and different copies of the phishing e-mail point to different computers.
The e-mail can be seen at www.flickr.com/photos/dumell/56945715/.