Learn

Personal Resource Center
Back

What Is a Man-in-the-Middle Attack?

If the term "man-in-the-middle" takes your mind to a childhood game, you already have a pretty good picture of how this type of cybercrime works. In man-in-the-middle (MITM) attacks, a criminal finds a way to get between a victim and a trusted online entity to intercept data or money. It's the monkey-in-the-middle of cybercrime, yet far less fun. 

While that description may sound simple, grasping the concept of MITM attacks gets quite complex. This is because MITM attacks are fairly common but difficult to quantify — victims of them might only know their identity was stolen or their bank account hacked but never know how it happened. Or they may realize they fell victim to a spoofing scam but not know that spoofing is one type of MITM attack. MITM is sometimes, but not always, carried out through phishing and sometimes, but not always, involves malware, spoofing, or Wi-Fi eavesdropping. 

MITM attacks can be several things carried out in multiple ways. As an aside, alternative names also used include: machine-in-the-middle attack, on-path attack, monster-in-the-middle and meddler-in-the-middle.6,7

Here's what internet users should know about how MITM scams work and how to protect themselves. 


Man-in-the-Middle Attack Features?

The consistent feature of an MITM attack is the perpetrator finding a way to insert themselves between the victim and a trusted online entity. It's a way to describe several different types of cybercrimes, including, but not limited to:1

  • IP, DNS, or HTTPS Spoofing: An attacker tricks a victim into interacting with a phony website by manipulating technical aspects of a site — like the internet protocol (IP) address, the domain name server (DNS), or security indicated by the "S" in HTTPS — to look like a trusted one. 
  • SSL Hijacking: A criminal generates fake security certificates, or secure sockets layer (SSL) certificates, for an otherwise secure site that helps them intercept data from a user.2
  • Email Hijacking: A scammer gains access to email addresses at a financial institution, monitors communications and then sends phishing emails to customers, mimicking the bank's emails to request information.
  • Wi-Fi Eavesdropping: An attacker sets up a public Wi-Fi address that looks like it belongs to a nearby business. When a user connects to it, the attacker can intercept login credentials, credit card data and more.
  • Browser cookie stealing: A criminal hijacks a company's browser cookies, which store customer data like passwords, and steals the data. 

If those sound too technical to fully grasp, you're not alone. When people have their data stolen or their devices compromised in this way, it's often difficult for them to know how it happened. It may require forensic analysis on a device to fully understand what occurred.3 The FBI's Internet Crime Complaint Center doesn't even track MITM attacks, likely because victims probably report these in the categories of phishing, personal data breach, spoofing, or another category.4

"MITM attacks are a tactical means to an end," is how one technology strategist described the practice to CSO Online.5 "The aim could be spying on individuals or groups to redirecting efforts, funds, resources, or attention."


How Does an MITM Scam Work?

The "how" of MITM attacks is complicated as well. Most MITM attacks happen in one of two ways: 

Close physical proximity: This is how Wi-Fi eavesdropping happens. This is also how attackers can hack into an unsecured Wi-Fi network, like in a public place. 

Malware: In the case of website spoofing, for example, a fraudster might trick a victim, often through phishing, into clicking a link or scanning a QR code that installs malicious software onto their computer or mobile device.

target icon
In man-in-the-middle (MITM) attacks, a criminal finds a way to get between a victim and a trusted online entity to intercept data or money.

Because there are so many types of MITM attacks, there are various ways an attacker can proceed with their attack. Ultimately, the MITM attack allows the criminal to access a victim's personal information or finances. 


How Can You Protect Yourself?

It may seem like you'd need an advanced degree in information technology to fully understand an MITM attack but, fortunately, protecting yourself against one requires much less technical knowledge. Much of the good cybersecurity hygiene people are used to hearing about helps protect against MITM fraud, including:8,3,1

  • Look for the S in HTTPS when visiting a URL. If it's not there, it's not secure.
  • You can install a browser extension that helps ensure you don't accidentally visit an HTTP website, which you can find by searching in your browser's extension store.
  • Beware of emails asking you to update login credentials. Never click on a link in such an email. To reset a password, always type the URL into your browser.
  • Avoid connecting to a public Wi-Fi directly from your computer. Instead, use a VPN to encrypt your connection.
  • Make sure you have a strong password on your home Wi-Fi connection.
  • Turn on multi-factor authentication (MFA) for online accounts. If your login credentials are stolen, MFA can let you know someone is trying to use them.
  • Install security software on your computer to look for suspicious activity.

What To Do If You Become a Victim of an MITM Attack

As noted above, if you become the victim of financial or identity fraud, you may never know if MITM was the method used in the attack. But there are certain standard steps to take when you find yourself the victim of any online fraud, including: 

  • Contact your banks, lenders and credit card companies and let them know you believe you are an online fraud victim. They will likely close your accounts and open new ones.
  • File a fraud alert at one of the three credit reporting bureaus: Equifax, Experian, or TransUnion.9,10,11 One will share the alert with the other two.
  • Freeze your report with each of the three main credit bureaus: Equifax, Experian and TransUnion.12,13,14 This will prevent anyone (including you) from opening new credit accounts without you first temporarily unfreezing.
  • File a complaint with the Federal Trade Commission at identitytheft.gov.15
  • File a police report with your local police or sheriff's office. While they can't necessarily track down the criminals, they can take a formal report and pass the information to other agencies.
  • File a report with the Internet Crime Complaint Center (IC3).16
  • Keep copies of all your reports and responses from each party you contacted.

The more you know about the cybercrime landscape, the more effectively you can protect yourself and your family. While MITM attacks may be technically complex, taking action to prevent one from happening is something any internet user can crack.

Important disclosure information

This content is general in nature and does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.

  1. Clare Stouffer, "What is a man-in-the-middle attack?" Norton, published March 26, 2020, accessed April 10, 2024.

    Back

  2. Tomasz Andrzej Nidecki, "SSL hijacking," Invicti, accessed April 10, 2024.

    Back

  3. Rapid 7, "Man in the Middle (MITM) Attacks," accessed April 10, 2024.

    Back

  4. FBI Internet Crime Complaint Center, "Federal Bureau of Investigation Internet Crime Report 2022," published March 22, 2023, accessed April 10, 2024.

     Back

  5. Dan Swinhoe, "Man-in-the-middle (MitM) attack definition and examples," March 25, 2022, accessed April 10, 2024.

     Back

  6. Kinza Yasar, "man-in-the-middle attack (MitM)," TechTarget, published April 2022, accessed April 10, 2024.

     Back

  7. Lucas Hu, Howard Tong, Suiqiang Deng and Alex Starov, "Meddler-in-the-Middle Phishing Attacks Explained," published December 21, 2022, accessed April 10, 2024.

     Back

  8. Robert Izquierdo, "5 Ways to Prevent a Man-in-the-Middle Cyberattack," published May 18, 2022, updated August 5, 2022, accessed April 10, 2024.

     Back

  9. Equifax, "Fraud and active duty alerts," accessed April 10, 2024.

     Back

  10. Experian, "Fraud Alert," accessed April 10, 2024.

     Back

  11. Transunion, "Fraud Alert," accessed April 10, 2024.

     Back

  12. Equifax, "Security Freeze," accessed April 10, 2024.

     Back

  13. Experian, "Freeze your credit file for free," accessed April 10, 2024.

     Back

  14. TransUnion, "Credit Freeze," accessed April 10, 2024.

     Back

  15. Federal Trade Commission (FTC), "IdentityTheft.gov," accessed April 10, 2024.

     Back

  16. FBI, "Internet Crime Complaint Center (IC3)," accessed April 10, 2024.

     Back