Watch for the Man-In-The-Middle


By Jennifer Adams

Cybercriminals are sneaky and always on the lookout for ways to scam businesses and individuals out of their hard-earned money. Even if an email appears to be from an organization you trust, proceed with caution. Man-in-the-middle attacks begin with emails that appear to be from a trusted source but are really sent by cybercriminals trying to trick the user into giving up personal or business information. This is how it happens.

What are MITM Attacks?

A MITM (man-in-the-middle) attack takes place when a criminal intercepts an existing conversation or data transfer and poses as both of the existing parties. This enables the hacker to eavesdrop on both ends of the conversation and gain each party’s trust so that they reveal sensitive information such as login credentials or banking details. For example, you receive an email that appears to be from your bank asking you to log in to verify your information, but it’s really from a hacker who has built a website that looks like your bank’s so they can steal your login credentials. These attacks are executed in two phases – interception and decryption.

During the interception phase, the hacker targets an unprotected or poorly protected network, such as a free Wi-Fi hotspot or a home Wi-Fi network. These attacks are typically automated. Vulnerabilities such as a weak password are a gateway for hackers. Once the hacker has access, they install tools that intercept personal information. Because encryption protects against this kind of interception, diligent attackers will try again using phishing tactics.

To be successful, the man-in-the-middle cannot stop after the interception phase. After login credentials are intercepted, they must be decrypted so the hacker can read them and use them later. To do this, malware designed to decrypt and decode the traffic is installed in the browser without the victim’s knowledge.

How Much Damage Can They Do?

The damage from these attacks ranges from minor to disastrous, depending on the hacker’s intentions and abilities. Although they are not as common as ransomware attacks, MITM attacks are a present threat to companies of all sizes. According to IBM X-Force’s Threat Intelligence Index in 2018, around 35% of exploitation activity involved hackers attempting to conduct MITM attacks.

How to Prevent a MITM Attack

Increased in-browser warnings and the widespread adoption of HTTPS have reduced the number of MITM attacks, but they still happen, which is why it is wise to remain watchful for them.

  • Use an Up-To-Date Version of a Secure Browser – Google Chrome, Safari, Internet Explorer and Firefox all warn the user when they are at risk of a MITM attack.
  • Stay Away from Unsecured Networks – Public networks are the easiest for hackers to use for MITM attacks because they are unsecured and anyone can join them. Only use Wi-Fi that is password or VPN protected.
  • Ensure Online Transactions are Secure – When conducting an online transaction or logging in to an online account, use plugins like HTTPS Everywhere or Force TLS to ensure sensitive information stays private.
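The HTTPS-enforcement idea behind plugins such as HTTPS Everywhere and Force TLS, as an added Python example that is not part of the original article and not code from either plugin: it keeps a small store of hosts that have sent a Strict-Transport-Security (HSTS, RFC 6797) header over a verified HTTPS response, upgrades plain-http links to those hosts (and, where the header says so, their subdomains) to https, and refuses outright to send login credentials over an unencrypted URL. The class and function names (HstsPolicyStore, enforce_https) and the hostnames used in the comments (bank.example, news.example) are assumptions made for this illustration.

```python
"""Added example, not from the original article: a minimal HTTPS-enforcement
policy of the kind browser plugins such as HTTPS Everywhere / Force TLS apply.
Hostnames such as bank.example and news.example are constructed for illustration."""
import re
import time
from urllib.parse import urlsplit, urlunsplit


class HstsPolicyStore:
    """Remembers which hosts have asked (via HSTS) to be reached only over TLS."""

    def __init__(self, now=time.time):
        self._now = now            # injectable clock so expiry can be tested
        self._policies = {}        # host -> (expiry_timestamp, include_subdomains)

    def record_header(self, host, header_value):
        """Parse a Strict-Transport-Security header value.

        Browsers ignore HSTS headers received over plain HTTP, so the caller
        must only pass headers taken from a certificate-verified TLS response.
        Returns True if a policy was stored or cleared, False if the header
        was malformed (no usable max-age) and therefore ignored.
        """
        max_age = None
        include_subdomains = False
        for directive in header_value.split(";"):
            name, _, value = directive.strip().partition("=")
            name = name.strip().lower()
            if name == "max-age":
                m = re.fullmatch(r'"?(\d+)"?', value.strip())
                if m:
                    max_age = int(m.group(1))
            elif name == "includesubdomains":
                include_subdomains = True
        if max_age is None:
            return False
        host = host.lower()
        if max_age == 0:
            self._policies.pop(host, None)      # max-age=0 clears the policy
        else:
            self._policies[host] = (self._now() + max_age, include_subdomains)
        return True

    def is_known_https_host(self, host):
        """True if host, or a parent with includeSubDomains, has a live policy."""
        host = host.lower()
        now = self._now()
        policy = self._policies.get(host)
        if policy and policy[0] > now:
            return True
        labels = host.split(".")
        for i in range(1, len(labels)):
            parent = ".".join(labels[i:])
            policy = self._policies.get(parent)
            if policy and policy[0] > now and policy[1]:
                return True
        return False


def enforce_https(url, store, carries_credentials=False):
    """Return the URL the client should actually use.

    - https URLs pass through unchanged
    - http URLs to a known HSTS host are upgraded to https
    - http URLs that would carry credentials (a login form, a session cookie)
      are refused with PermissionError rather than sent in the clear
    - other http URLs are returned as-is (a real client would warn here)
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme == "https":
        return url
    if scheme != "http":
        raise ValueError(f"unsupported scheme: {parts.scheme}")
    if store.is_known_https_host(parts.hostname or ""):
        netloc = parts.netloc
        if netloc.endswith(":80"):              # let https use its default port
            netloc = netloc[:-3]
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
    if carries_credentials:
        raise PermissionError(f"refusing to send credentials over plain HTTP: {url}")
    return url


if __name__ == "__main__":
    store = HstsPolicyStore()
    # Learned from a verified HTTPS response from the (constructed) bank site.
    store.record_header("bank.example", "max-age=31536000; includeSubDomains")
    print(enforce_https("http://online.bank.example/login", store))
```

The store is the piece that makes the upgrade safe: it is populated only from HTTPS responses whose certificate checked out, so a man-in-the-middle on a coffee-shop hotspot cannot talk the client out of TLS for a host it has already learned about, and the credential check stops the plain-http first visit from leaking a password even when no policy exists yet.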


Cybercrime is on the rise, and criminals are unscrupulous and constantly inventing new ways to steal from unsuspecting victims. Exercise caution when making transactions online, and secure your network by partnering with a managed IT provider who can advise on emails and pop-ups you are unsure of and guard your network against these attacks. An ounce of prevention is worth a pound of cure.


