How many times have you not logged out of your online banking or credit card account before visiting a different website? You may be taking more of a risk than you think?
A very interesting article from ZDNet Phishing without bait: The in-session password theft attack" describes a method where someone can capture your username and password from you banking system through a rather devious method... and you would probably not suspect it.

Think about doing some online banking and getting a thought about something you'd like to investigate (maybe searching for the name of a company that debited your account). You may open up another browser tab and do a Google search. You click on what looks like a legitimate link and shortly there after you get a pop-up asking you to log back into your bank account to keep your current session active. If you respond, you may have just given away the keys to your bank account. This is what this ZDnet article describes.

The moral to the story is to always log off your bank and credit card online systems (and exit the browser) before visiting any other website. The sites you visit may be legitmate, but you'd be trusting that they've not been hacked.