Man-in-the-Middle Attack (MitM)

A type of cyber attack where attackers eavesdrop on and possibly alter the communications between two parties.


A MitM attack allows criminals to see what websites a victim is visiting, read their emails, steal credentials, and/or impersonate others for further malicious purposes.

Attackers can do this in a few different ways. For example, they could set up their own 'fake' Wi-Fi access point which users connect to - all of their web traffic and information will then be captured by the attacker. Similarly, an attacker can set up their access point to have the same identifying name as one which a user has previously connected to - the user's device may then automatically attempt to connect, and again the attacker can capture a lot of potentially sensitive information whilst the device is connected.

If you are communicating without secure encryption (e.g. through public open Wi-Fi spots that don't require a login, or websites that don't use HTTPS), then there is a risk of an attacker being able to take advantage of common openings to hijack that communication.

Alternatively, routers are another way in which an attacker can carry out MitM attacks. If a router has a weak password, or is still using the default factory settings, then it is relatively straightforward for an attacker to gain access to it. They can then gather information about the devices connected to that router, or even redirect those users to malicious websites.

Advice

There are a number of protective measures you can take to mitigate the risk of MitM attacks. These are:

Don't use open/public Wi-Fi hotspots to conduct sensitive transactions or correspondence.
Be wary of connecting to hotspots that do not require a password to connect.

Disable 'auto-connect to networks' (or similar setting) on your devices
This can help prevent your devices connecting to compromised networks/spoofed networks.

Change the default/factory admin and password settings for your routers to mitigate the risk of them being compromised.

Look for HTTPS
Avoid exchanging information across websites that do not use HTTPS. (Note: just because a website uses HTTPS, it does not mean it is 100% legitimate - you still need to verify that a site is authentic through other means before you exchange any sensitive login details, e.g. check for misspelled URLs, suspicious or out-of-place links, etc.)

If you have fallen victim to this or any other type of cyber crime, report the incident to Action Fraud
You can report by phone (0300 123 2040) or on their website at https://www.actionfraud.police.uk. Reporting helps build intelligence for law enforcement, which can aid investigations as well as informational campaigns to prevent others from becoming victims.
