Download.zone
Free Software And Apps Download

What is a Salami Attack and How to protect against it?

Over the past year, digital payments have surged due to their flexibility and reliability in streamlining business transactions. However, this rise has also led to an increase in cyberattacks, with hackers targeting vulnerable sectors across various industries.

These attacks, which vary in form and severity, can inflict substantial damage. Reports highlight that salami attacks, phishing, ransomware, and crypto-jacking are among the most prevalent methods used for financial gain.

Salami attacks on banks and financial institutions have notably increased. This article will explore salami attacks in cybersecurity and provide essential information about them.

What is a Salami Attack

What is a Salami Attack?

ad

A salami attack is a cybercrime commonly used by attackers to carry out financial crimes. In this attack, criminals systematically steal small amounts of money or resources from financial accounts, one at a time. Multiple minor attacks combine to create a more substantial impact. Due to the subtle nature of these crimes, they often go unnoticed. Perpetrators of such attacks can face penalties under Section 66 of the IT Act. In cybersecurity, Salami Slicing and Penny Shaving are two key types of salami attacks.

How Does a Salami Attack Work?

After trying various routing and bank account combinations to gain access to accounts, cybercriminals may make small deposits into users’ accounts once they find a valid one. They can then set up small monthly fees to be withdrawn from the financial institution and redirected to accounts they control.

Since these fees are minimal, users are likely to overlook them on their bank statements. However, if hackers use this illegal method across numerous bank accounts, their gains can quickly grow.

Types of Salami Attacks in CyberSecurity

Salami Slicing Attack

A “salami slicing attack,” also known as “salami fraud,” involves an attacker accessing an online database to acquire customer information, such as bank or credit card details. The attacker then gradually withdraws minuscule amounts from each account over time. These small deductions accumulate into significant sums of money taken from joint accounts without detection. Most individuals do not report these minor deductions due to their negligible size.

For instance, if an attacker withdraws ₹0.01 (1 paise) from each bank account, the tiny amount is unlikely to be noticed. However, when this small deduction is made from numerous accounts at a bank, it can accumulate into a large sum.

Penny Shaving Attack

Penny shaving involves the fraudulent practice of repeatedly siphoning off very small amounts of money. This is often achieved by rounding transactions to the nearest cent. The aim is to make these minute changes so small that they go unnoticed in financial transactions.

Real-life salami attacks cases

There have been several notable salami attacks in the past. Here are three real-life examples that illustrate the various methods scammers use to commit fraud.

Case 1

In August 2013, Amit Kumar Bhowmik, a senior High Court lawyer in Pune, lost Rs 180 after receiving three blank calls from an unknown number. Upon checking his Airtel billing account online, he found that he was charged Rs 60 for each call. Frustrated by the harassment, Bhowmik filed a complaint with the Pune police crime branch’s Cyber Crime Cell. However, due to mobile companies’ privacy policies, the Cyber Crime Cell has been unable to trace the location or identify the user of the phone.

Case 2

Michael Largent, a 21-year-old from California, developed a program to exploit challenge deposits used by companies like Google to verify bank accounts. The program created over 58,000 user accounts, generating challenge transactions ranging from $0.01 to $2.00, which were deposited into Largent’s accounts. The total amount, between $40,000 and $50,000, was then transferred to other accounts belonging to Largent.

Case 3

Vinod Kumar Pacchiyappan, a manager at SBI Cards and Payment Services Pvt Ltd, reported to the police that insider employees had stolen customer KYC data. This led to the creation of fake credit cards and resulted in a loss of approximately 38 lakh rupees.

📚 Also Read: How to report cyber crime and fraud in india

How to Spot a Salami Attack?

A salami attack is a type of financial fraud where small amounts of money are stolen over time, eventually adding up to a significant sum. Here are some ways to detect a salami attack:

  • Monitor Your Bank Statements Regularly: Keep a close watch on your bank statements and transactions, checking them frequently to spot any unauthorized activity.
  • Look for Small Deductions: Be on the lookout for small, unfamiliar deductions or transactions, as these could indicate a salami attack.
  • Check Your Credit Report: Review your credit report for any unauthorized accounts or inquiries. If you notice anything suspicious, act immediately.
  • Be Wary of Unsolicited Emails: Exercise caution with unsolicited emails or messages requesting personal or financial information, as these may be phishing attempts that could lead to a salami attack.
  • Set Up Alerts: Utilize your bank’s alert services to be notified of unusual activity on your account. You can set alerts for transactions above a certain amount or for any account changes.
  • Keep Your Passwords Secure: Use strong, unique passwords for your financial accounts and never share them with anyone.

Additionally, performing thorough white box testing by examining each line of code can also help detect a salami attack. Following these practices can help protect you from a salami attack and keep your finances secure.

How do you Defend your Bank Account Against a Salami Attack?

Users are advised to review their weekly transactions and monthly bank statements to safeguard their accounts from salami attacks. By regularly scanning these activities, you can detect any unusual charges on your account. If you notice any strange charges, contact your bank immediately.

Financial institutions, including banks, should enhance their security measures to prevent attackers from understanding the system’s design. Additionally, banks should provide guidance to customers on how to report any unfamiliar money deductions.

FAQ’s

What is a salami attack?

A salami attack involves stealing small amounts of money from accounts over time, which add up to a significant sum. These subtle thefts often go unnoticed and are punishable under Section 66 of the IT Act.

How does a salami attack work?

Cybercriminals access financial accounts and make small withdrawals or set up tiny recurring fees. These minor amounts, when accumulated across many accounts, can result in substantial financial gain.

Conclusion

Salami attacks can cause significant financial loss through small, unnoticed deductions. To protect yourself, regularly check your bank statements, set up alerts, and use strong passwords. Financial institutions must also strengthen security and educate customers. Being vigilant and proactive is key to preventing and addressing these types of fraud.

ad

Comments are closed.