CSOOnline has a good article on ACH (Automated Clearing House) fraud:
Fraud involving the Automated Clearing House (ACH) Network, which is used by financial institutions to handle direct deposits, checks, bill payments and cash transfers between businesses and individuals, is becoming an increasingly popular way for hackers to siphon money out of the bank accounts of unsuspecting victims.
Fraudsters only need two pieces of information to pull off ACH fraud; a checking account number and a bank routing number. They typically obtain the information with a targeted phishing email that tricks the victim into running malicious software which then allows criminals to install keylogging software and steal bank account passwords.
In order to reduce the risk of this type of exploit, we recommend using a bootable, secure “Trusted Client” on an encrypted USB stick from Becrypt.