This post throws FNB's "Tips for safe online banking" out the door:
"Never access the site via a link. Rather type the address into the browser address bar or save the address as a 'Favourite'."
I'm not sure, but I think this would allow the attackes to even use a "valid" security certificate (since the domain name would correspond with with the data from the CA... although they would probeply not have the private key of the certificate... so I think you would be save... that is if you notice that the internet banking site is not running on https).
Any way you look at it, some day you'll know I was right... well... I'm not left...