It is more likely that it was a trojan/virus. There are several out there that monitor for just banking/paypal/payroll details, once it has something good the operator can easily bounce through the machine it's controlling to move the money.