According to press reports, the scam targeted customers that access the Nordea Sweden Web banking site using a paper-based single-use password security system.

A blog posting by Finnish security firm F-Secure says recipients of the spam e-mail were directed to bogus Web sites but were also asked to enter their account details along with the next password on their list of one-time passwords issued to them by the bank on a "scratch sheet".

The scratch sheet contains a certain number of hidden passwords and each time the customer uses the online banking service they uncover the next password in the list to access to their account.

F-Secure says rather than the present code the customer was using, the bogus sites asked for the next available scratch code on the list, which suggests that the phishers were trying to collect the scratch codes to use later along with the stolen account details.