So why is it a phishing email? Firstly, the link that will supposedly allow you to download this file has nothing to do with FNB. Doing some digging, it seems that the site (seems like a personal site) has been compromised and is probably going to redirect the user to the malware or compromised application.
Secondly, as the headers of the email clearly show, the email from address has been spoofed, and it has nothing to do with FNB. The reputation check, as per below suggests that this is a new spam host, and one of the reasons it did not get picked up by the anti-spam engine.
Received: by 10.216.55.139 with SMTP id k11cs1749wec;
Tue, 26 Oct 2010 22:31:40 -0700 (PDT)
Received: by 10.213.13.80 with SMTP id b16mr216811eba.89.1288157499734;
Tue, 26 Oct 2010 22:31:39 -0700 (PDT)
Return-Path:
Received: from linux14.unoeuro.com ([94.231.101.70])
by mx.google.com with ESMTP id w3si18982624eeh.36.2010.10.26.22.31.39;
Tue, 26 Oct 2010 22:31:39 -0700 (PDT)
Received-SPF: neutral (google.com: 94.231.101.70 is neither permitted nor denied by best guess record for domain of minami.dk@linux14.unoeuro.com) client-ip=94.231.101.70;
Authentication-Results: mx.google.com; spf=neutral (google.com: 94.231.101.70 is neither permitted nor denied by best guess record for domain of minami.dk@linux14.unoeuro.com) smtp.mail=minami.dk@linux14.unoeuro.com
Received: from linux14.unoeuro.com (localhost [127.0.0.1])
by linux14.unoeuro.com (8.13.8/8.13.8) with ESMTP id o9R5VdDS015687
for; Wed, 27 Oct 2010 07:31:39 +0200
Received: (from minami.dk@localhost)
by linux14.unoeuro.com (8.13.8/8.13.8/Submit) id o9R5VdFS015686;
Wed, 27 Oct 2010 07:31:39 +0200
Date: Wed, 27 Oct 2010 07:31:39 +0200
Message-Id: <201010270531.o9R5VdFS015686@linux14.unoeuro.com>
The new types of phishing are impressive in how well they masquerade as legitimate emails, and most Internet users will be fooled. If this persists, the next question really is - what should the banks do next? Go back to post?