Financial services providers and security companies have uncovered a new pattern of email fraud called “salami” attacks. Named for the way sandwich makers may cut salami into thin pieces, these attacks involve hackers “slicing” small sums of money from multiple bank accounts at once.
Criminals begin “salami” attacks by identifying vulnerable bank accounts. They make up routing and account numbers and test them out until they find a match. Once a number is successful, the attacker takes the account and draws out small amounts of money through fake subscription services or online platforms.
The fraudulent transactions may be as small as a few cents, but if a hacker infiltrates thousands of accounts, large sums can quickly be reached.
“It may be less than 10 cents per instance, but you do that across 10,000 accounts that were created on that platform, and it can add up pretty quickly,” Ben Blakely, director of information security at Dwolla told American Banker.
Victims oftentimes do not realize they are being stolen from in these attacks until it is too late to stop the process or recover the stolen money.
Protect yourself from “salami” attacks by keeping a record of your subscription services and transactions and monitoring your accounts for suspicious movement large or small.