What is a Salami Attack and How to protect against it?

Due to their flexibility and dependability in ensuring a more seamless payment process for businesses, digital payments have exploded in the last year. With the rise of digital payments comes an increase in cyberattacks, with hackers targeting vulnerable victims in various industries.

These attacks can cause significant damage and come in multiple shapes and sizes. According to a report, salami, phishing, ransomware, and crypto-jacking were among the most common financial gain attacks.

Must Explore- Ransomware: How It Works and How To Get Rid Of It?

Salami attacks on banks and financial institutions have increased in recent years. This article will cover the salami attack in cybersecurity and everything you need to know about it. But before we go any further, let’s go over the topics we’ll be covering in this blog:

1. What is a Salami Attack?
2. How Does a Salami Attack Work?
3. Types of Salami Attack in Cybersecurity
4. Real-life Salami Attack Cases
5. How to Spot a Salami Attack in Cybersecurity?
6. How do you Defend your Bank Account Against a Salami Attack?

Explore: Online Cybersecurity Courses

What is a Salami Attack?

A salami attack is a cybercrime that attackers typically use to commit financial crimes. Criminals steal money or resources from financial accounts on a system one at a time. This attack occurs when several minor attacks combine to form a powerful attack. Because of this type of cybercrime, these attacks frequently go undetected. Anyone guilty of such an attack faces punishment under Section 66 of the IT Act. Salami Slicing and Penny Shaving are two significant types of salami attacks in cybersecurity.

How Does a Salami Attack Work?

After attempting many different routing and bank account mixtures to gain access to accounts, cybercriminals can make negligible deposits into users’ accounts once they find a valid account. They can set up small monthly fees to be withdrawn from the financial institution and placed into accounts they can access once they find an account.

Because the fees are so minor, users will ignore them on their bank statements. However, if hackers successfully deploy this illegal strategy throughout other hundreds of bank accounts, their earnings can rapidly increase.

Must Explore: Online Ethical Hacking Courses

Types of Salami Attacks in CyberSecurity

Salami Slicing Attack

A “salami slicing attack” or “salami fraud” occurs when an attacker uses an online database to obtain customer information, such as bank/credit card details. Over time, the attacker deducts insignificant amounts from each account. These sums naturally add up to large sums of money invisibly taken from the joint accounts. Most people do not report the deduction, often due to the small amount involved.

For example, suppose an attacker withdraws ₹0.01 (1 paise) from each bank account. Nobody will notice such a minor discrepancy. However, a large sum is produced when one paise is deducted from each account holder at that bank.

Penny Shaving Attack

Penny shaving is the fraudulent practice of repeatedly stealing money in extremely small amounts. By using rounding to the nearest cent in financial transactions. The goal is to make the change so small that any transaction goes undetected.

Let’s look at an example:

Must Explore: Ethical Hacking - Eligibility, Courses, Fees, Syllabus, Job Profile

Real-life Salami Attacks Cases

Case 1

Amit Kumar Bhowmik, a senior High Court lawyer in Pune, lost Rs 180 after receiving three calls from an unknown number in August 2013. He had received three blank calls from an unknown number on his cell phone. When he checked his Airtel billing account online, he discovered he was charged Rs 60 for each call.

Bhowmik fed up with the harassment, filed a complaint with the Pune police crime branch’s Cyber Crime Cell. The Cyber Crime Cell has yet to trace the location or identify the phone’s user because mobile companies’ privacy policies have posed a barrier in locating the offenders.

Case 2

Michael Largent, a 21-year-old from California, wrote a program allowing him to take advantage of challenge deposits, which companies like Google and others use to validate a client’s bank account.

The program created over 58,000 user accounts, resulting in challenge transactions ranging from $0.01 to $2.00 sent to Largent’s accounts. The funds, amounting to somewhere between $40,000 and 50,000, were transferred into other Largent accounts.

How to Spot a Salami Attack?

A salami attack is a type of financial fraud where small amounts of money are stolen over a long period of time, which adds up to a significant amount of money. Here are some ways to spot a salami attack:

1. Monitor your bank statements regularly: Keep a close eye on your bank statements and transactions, and check them frequently to identify any unauthorized transactions.
2. Look for small deductions: Watch out for small deductions or transactions you don’t recognize, as these can indicate a salami attack.
3. Check your credit report: Keep an eye on your credit report for any unauthorized accounts or inquiries. If you see something suspicious, take action immediately.
4. Be wary of unsolicited emails: Be cautious of unsolicited emails or messages that ask for your personal or financial information. These are often phishing attempts that can lead to a salami attack.
5. Set up alerts: Most banks offer alert services that notify you of any unusual activity on your account. You can set up alerts for transactions over a certain amount or for any changes to your account.
6. Keep your passwords secure: Always use strong and unique passwords for your financial accounts and never share them with anyone.

Another way to detect a salami attack is to perform time-consuming but necessary white box testing by checking every line of code. Therefore, by following these tips can help protect yourself from a salami attack and keep your finances secure.

You can also explore- What is a Denial-of-Service (DoS) Attack?

How do you Defend your Bank Account Against a Salami Attack?

Users are encouraged to oversee their weekly transactions and month-to-month bank statements to protect their accounts from being hindered by a salami attack. You can monitor any potential charges on your account by actively scanning through these activities. If you have any issues with any strange charges on your account, contact your bank.

Financial institutions, such as banks, should also update their security so that the attacker does not become familiar with how the framework is designed. Banks should advise customers on how to report any money deduction they were unaware of.

Must Check: Top Cybersecurity Interview Questions and Answers

Conclusion

A salami attack is a cybercrime in which an attacker steals money in small amounts. It comes in two varieties: salami slicing and penny shaving. The damage done is so minor that it goes unnoticed. The attacker faces imprisonment under Section 66 IT if convicted of this attack.

If you are interested in cybersecurity concepts or want to learn more about cyber attacks, you can take on online cybersecurity courses preferred by working professionals, such as - IIT Kanpur - Advanced Certification Program in Cyber Security and Cyber Defense, Cyber Attack Countermeasures, Detecting and Mitigating Cyber Threats and Attacks, and so on.