Credential-stealing malware; Spear-phishing; User accounts compromised

Royal Bank of Scotland suspects “fraudsters had used various methods such as phishing to capture customer information and falsely register for mobile banking. The fraud losses had been compounded by a code error within the bank’s Emergency Cash service, meaning that the Get Cash app did not remember a customer’s daily ATM limit.” It is believed that “fraudsters have used various methods (e.g. phishing campaigns, data harvesting) to capture information to falsely register for mobile banking.” Happened as early as June 2012 through 10/12. RBS notified customers on 10/6/12; http://www.parliament.uk/documents/commons-committees/treasury/121106%20-%20Stehpen%20Hester%20-%20RBS%20-%20GetCash.pdf