I suppose the GOOD site should say "do not enter this code on any other sites, we are NOT a login partner for any other sites" but a lot of people would probably not read that. Still, it would help. The very tricky thing about this scam is that it gets people to react to an email that they are expecting. Which means they will not be as guarded as if they got an email out of the blue.

Instead of showing a code, why not give a link that the user can click on?