Strange choice of companies to impersonate in a phishing scam if you ask me, but never the less, this just arrived in my inbox;
This came with an attachment that housed the phish itself;
With the stolen details being sent to;
ASN: 28032 18.104.22.168/24 INTERNEXA S.A.
Owner of the IP housing the phish has been notified, as have the owners of the IPs the email originated from (Telefonica) and went through (Dataflame Internet Services Ltd)