Phishing is probably going to be the greatest threat to the average Internet user in the near future. While just about everyone is aware of viruses and malware, at least on a basic level, a number of people don't realize the threat that phishing poses.
Phishing refers to a specific type of online scam. The scammer poses as a trusted entity, like a bank, and sends out emails or sets up fake websites requesting account information. The usual process involves a warning that your account will be shut down without action, although some recent paypal phishing scams involved sending out fake bills to try and make the confused user examine the bill through a fake link the scammer provided. Most now go the extra step and provide what appears to be a real link to the main site, but is actually a link to their spoof site. Once you're on this fake version, they'll try to get you to login to your account. Their keylogger will capture the information and they'll be ready to put it to use for a quick profit.
If they manage to get passwords for Paypal, eBay or your bank, then they can do fairly conventional theft or fraud. A few can go the extra step, and use phishing to get an email or facebook login. With this in hand they can slowly figure out your security programs and take over your online identity through password recovery programs.
Obviously the potential for damage is quite real. The FBI have estimated annual losses of $1 billion due to phishing alone, while Consumer Reports projected over $2 billion lost to phishing scams. There's generally a divide over the non-monetary costs, since it's hard to account for lost time, damaged credit and stress.
Hopefully it will be helpful to review the most recent reports to see the apparent patterns of banking.