>Fraud: 'I had £18,000 stolen after my drink was spiked' - BBC News
Had me wondering how it was done. For me, there's a pass phrase in the app where you enter 3 characters of it. 3 incorrect entries and you're locked out. Guess the banks in question don't have that protection.
With that out the way, the rest sounds trivial.