The age of phishing, the fake emails seeking account updates, may already be past, reports the New York Times. The next generation of cybercriminals is embedding trojans that then report keystrokes, which give details of account names and passwords.

The Brazilian federal police recently shut down a gang that had stolen $4.7 million from accounts in six banks. And a Russian gang stole $1 million from French accounts.

“The monitoring programs are often hidden inside ordinary software downloads, e-mail attachments or files shared over peer-to-peer networks. They can even be embedded in Web pages, taking advantage of browser features that allow programs to run automatically,” reports the paper. Likewise, Symantec says that half the malicious software it tracks is designed to breach privacy.

The FDIC tightened security requirements last year but did not require the devices expert say would foil this crime. There are silent security devices that would not threaten the user interface but banks don’t seem that interested. And in the meantime, make sure you keep current with antivirus software and those inevitable security patches from Microsoft.