Hackers are always pushing the envelope as software, systems and people become better at protecting against them. Social engineering techniques evolve in an attempt to penetrate the most secure mechanisms and the most skeptical of users. Trusteer is reporting on a new technique specifically targeting business and commercial banking customers.
To summarize, computers infected with a particular variant of a known malware platform are taken over once the malware recognizes that you have successfully logged into a banking website. The malware pauses the banking website and informs you that a banking representative will be with you shortly. The hackers then initiate a live web chat and, using traditional social engineering techniques, attempt to gather additional information from the user.
Obviously you should never give away account information over the web, but it is so cleverly done that many people likely believe it is the bank asking these questions.
Technology will continue to improve, but users do need to be educated or reminded that they should be cautious when giving out personal or account information. If they are ever unsure of the authenticity of the request, they should be taught to ask their help desk for support.