Russ Jones, a professor at Arkansas State University gave a presentation on phishing and mentioned a term I'd not heard before the "man-in-the-browser attack." The idea is to install a trojan on the browser that presents a small, borderless window in the browser that overlays the login fields of the target site in a way that can't be detected by the user. The user is at the real site (so the cert will check out), but the credentials are stolen when the user tries to login.
Here's a paper that describes the attack and some potential countermeasures.