You're probably familiar with two-step verification (it's sometimes called two-step authentication). Companies like Facebook use it to make sure you're you, not a hacker pretending to be you.
Banks and other financial institutions also use it because it's a relatively easy way to protect your privacy, and ensure that your banking credentials and money are safe. It works this way: You log in into your account and enter a password.
That's the first step. The second step is your bank, social network, or another outlet send you a text message, or call you with an automated phone call. They give you a secret, one-time code to enter, and complete logging into your account.
The one-time code is never used again so, in theory, you're safe. However, hackers have a scary new malware to misdirect those phone calls to them. It's called Android.Bankosy, and it affects devices using Google's Android operating system.
There is a little bit of good news here. The hackers most likely have to know your login and password first, before they can get the bank to call them.
That's good because you can protect yourself online with a solid anti-virus software program.