OLD VIRUS - NEW TRICKS
"When the targeted websites are accessed from computers infected with the new Citadel variant, the malware replaces them with rogue versions that claim users' accounts were blocked because of suspicious activity. The victims are then asked to input their personal and credit card information in order to confirm that they are the legitimate owners of the accounts and proceed to unlock them."
So, be on the alert for something like that appearing via email or on the website itself. While Microsoft, along with other companies or agencies brought down the Citadel "Botnet" it was successful, but only to a certain extent. Anyone can get a "Citadel Builder" program and build their own, to their specifications.
To get a more in-depth idea on how this works, I would recommend you visit the Trusteer Blog Site HERE.