Just checked, since I do some Android fiddling now and then. If you use the software-based token on your phone, you can't even rip that from the program, even if your phone is compromised as well as your PC, since it just sends the token key (which is set to change at set times on a certain pattern, but that pattern is unknown) in a hex format to then trigger a display of the token key, which is different than the hex code.

So, the only way to be able to hack said account would require the PC and phone to both be compromised, and the phone to instead somehow get a screen capture of the token key after being displayed.

The odds of this are... so, so, so low...

I'd sooner win the lottery twice over for the jackpot before cracking the system.

https://www.youtube.com/watch?v=ZXFYT-BG2So

Explains it in more detail, but ya... The sad truth is, if this topic is even true, you're being scammed by your FC member.