It’s no wonder that people are getting away with fraudulent activities when their attempts are actually pretty good. I got this:
http://147.202.36.70/~abikoahi/blg/no/login.php
which yeh, I realised it was clearly fake. But someone who’s not so clued up might not have done, and gone ahead and given away their username and password.
So a warning: be suspicious of any “official” emails you may get.