(also salami tactics, salami slicing attack, salami attack, penny shaving)
Salami fraud definition
In cybersecurity, salami fraud is the practice of stealing small amounts of money from a large number of accounts over a period of time. Salami fraud aims to make individual fraudulent transactions small enough to avoid triggering automatic security systems and pass beneath the notice of the victims.
Salami fraud typically targets automated systems with a large volume of daily transactions, such as online banking. Once the system is compromised, the attacker instructs it to divert a tiny percentage of each transaction to their own account.
Examples of salami fraud
- Online banking: Criminals may compromise online banking services to deposit a small amount (often just a fraction of a cent) from each transfer into their own account.
- Utilities: Criminals can tamper with the invoicing process to charge customers slightly more than they owe, siphoning off the excess funds to external accounts or accumulating them as credit with the utility company.
- Online shopping: Criminals may make many small purchases at an online store using multiple stolen credit cards so that the charges blend in with the flow of legitimate transactions.
Stopping salami fraud
- Regularly review your transactions, accounts, and bills for anything unusual, such as recurring small charges for services you do not recognize.
- Contact your financial institution immediately if you suspect that you have become a victim of salami fraud.
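On the institution's side, the same review can be automated. The following is an added example, not part of the original entry: it shows why a per-transaction limit misses salami fraud while grouping tiny credits by destination account exposes it. The ledger layout, account names, and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample ledger: (source_account, destination_account, amount).
# 200 different accounts each lose a fraction of a cent to one collector account.
LEDGER = [("acct-%03d" % i, "collector", Decimal("0.004")) for i in range(200)] + [
    ("acct-001", "landlord", Decimal("950.00")),
    ("acct-002", "shop", Decimal("0.50")),
    ("acct-003", "shop", Decimal("12.99")),
    ("acct-004", "car-dealer", Decimal("15000.00")),
]

# Assumed thresholds; a real system would tune these to its own traffic.
PER_TXN_LIMIT = Decimal("10000")  # classic single-transaction alert
SMALL_AMOUNT = Decimal("1.00")    # ceiling for a "tiny" credit
MIN_SOURCES = 50                  # distinct payers needed to raise a flag


def per_transaction_alerts(ledger):
    """Flag only transactions that are individually large."""
    return [txn for txn in ledger if txn[2] >= PER_TXN_LIMIT]


def salami_suspects(ledger):
    """Group tiny credits by destination and flag accounts fed by many payers.

    Returns {destination: (distinct_sources, transaction_count, total_amount)}.
    """
    sources = defaultdict(set)
    counts = defaultdict(int)
    totals = defaultdict(Decimal)
    for src, dst, amount in ledger:
        if amount <= SMALL_AMOUNT:
            sources[dst].add(src)
            counts[dst] += 1
            totals[dst] += amount
    return {
        dst: (len(sources[dst]), counts[dst], totals[dst])
        for dst in sources
        if len(sources[dst]) >= MIN_SOURCES
    }


if __name__ == "__main__":
    print("per-transaction alerts:", per_transaction_alerts(LEDGER))
    print("aggregate suspects:", salami_suspects(LEDGER))
```

The single-transaction check reports only the legitimate large purchase, while the aggregate view flags the collector account that received 200 sub-cent credits from 200 different payers.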