Definition
Salami fraud is stealing negligible amounts of money from several accounts over an extended period. Attackers aim to make the transactions as tiny as possible to avoid triggering automatic security systems and slip past the victim’s attention.
Usually, the attackers target automated systems with huge volumes of daily transactions, like online banking. After infiltrating the system, they instruct it to route a small fraction of each transaction to their account.
Salami Fraud Examples
- Online banking: Criminals exploit online banking by depositing tiny amounts from transfers into their own accounts.
- Utilities: Fraudsters manipulate invoices to overcharge customers slightly, diverting excess funds to external accounts or accumulating credit.
- Online shopping: Criminals make numerous small purchases using stolen credit cards to blend with legitimate transactions.
Stopping Salami Fraud
- Regularly review transactions, accounts, and bills for unusual recurring activities such as recurring small service charges.
- Contact your financial institution promptly if you suspect salami fraud victimization.
How Does a Salami Attack Work?
Salami fraud happens in financial or database systems where intruders can access these resources. They use different techniques to launch salami fraud, with the key goal of stealing small amounts of money or data without being noticed. Cybercriminals use manual methods or automated scripts to siphon off small amounts. Over time, the tiny bits accumulate into a substantial loss that might not be noticed.
Types of Salami Attacks
- Financial Salami attacks: It’s the most common theft involving small amounts from numerous accounts to avoid detection. Techniques include credit card skimming, ATM skimming, payroll fraud, invoice fraud, and investment fraud.
- Information Salami attacks: Theft or alteration of small pieces of information from multiple accounts to evade detection.
- CPU Salami attacks: Malware secretly consumes small amounts of a computer’s processing power.
- Network Salami attacks: Malware consumes small amounts of a network’s bandwidth to evade detection.