The potential damage from stolen credentials is obvious. With that information - especially if they have the credentials of more than one employee -- criminals can access the accounts of any customer. The FBI did not name any specific banks, but said that "small-to-medium sized banks or credit unions have been targeted in most of the reported incidents..."

However, the agency did say a few large banks have also been affected. In those cases, the criminals were able to conduct unauthorized wire transfers overseas. The FBI said the amounts have ranged between $400,000 and $900,000. And in at least one case, "the actor(s) raised the wire transfer limit on the customer's account to allow for a larger transfer."

But the damage goes beyond monetary. It is one thing for a customer to be hacked or fall for a malware scam, but Tubin said it was "totally different" for a financial institution itself to be compromised. "The damage to the reputation of a large institution could be devastating. That's the last thing a bank needs is to be compromised."

No matter how good the technology, the FBI recommends a number of basic precautions that financial enterprises should take. Among them: Remind employees not to open attachments or click on links in unsolicited emails; do not allow employees to access the Internet freely, or personal or work emails on the same computers used to initiate payments; do not allow employees to access administrative accounts from home computers or laptops connected to home networks; and ensure employees do not leave USB tokens in computers used to connect to payment systems.

Financial institutions should also monitor employee logins that occur outside of normal business hours; implement time-of-day login restrictions for the employee accounts with (access to payment systems; and restrict access to wire transfer limit settings, the FBI said.