There is a form of cyber attack doing the rounds called a man-in-the-middle attack, or MITM for short. Many companies have been hard-hit by it, losing substantial amounts of money as a result. However, it is not just companies getting hit by this specific type of cyber attack; individuals are targeted too, when a cyber criminal compromises a public Wi-Fi network.
So, what is a man-in-the-middle attack? Let’s imagine a scenario where your company owes money to one of your suppliers for services or stock they supplied. You receive an email with the invoice and pay it on time. However, after a few weeks, the supplier calls you to ask why you haven’t paid the bill; you reply that you have already transferred the money, but their bank statement says otherwise.
So what happened?
A hacker intercepted the invoice and, rather cleverly, changed only the bank account details (keeping the amount the same) before forwarding the invoice on to you, its intended recipient. The email looked exactly as you expected and appeared completely legitimate, so you paid the money, unwittingly transferring it into the wrong account. This is known as a man-in-the-middle attack (MITM).
How does a hacker intercept an email?
In order to intercept the email, the hacker first needs to get the man-in-the-middle malware onto a machine (malware, short for malicious software, is a term that refers to intrusive software). The hacker does this with a trojan (a malicious computer program which misleads users as to its true intent), which opens a backdoor through which the MITM malware is uploaded. The malware can be automated to search for bank account details and overwrite them with new details. Alternatively, it can send the email directly to the hacker, who is then able to manipulate the invoice before sending it on.
Are there any symptoms of MITM?
Man-in-the-middle malware can be very difficult to detect, so the best strategy is to prevent the initial Trojan that enables the hacker to install the malware.
Backdoor Trojans are often spread via:
Scam/spoof emails or their attachments
Fake Java or Adobe updates
Fake online virus scanners
Fake online system tools that promise to speed up your computer
Keygens, cracks and unofficial patches for games or other premium software.
How can you prevent a Man-in-the-Middle attack?
1. Make sure your Wi-Fi connection is secure
A man in the middle attack is often launched through a compromised Wi-Fi router. To prevent this, make sure your Wi-Fi router uses WPA2 encryption and reset the default password to a strong password with around 20+ characters. Public Wi-Fi is not secure enough for banking.
2. Do not visit non-secure sites
If a pop-up message warns you that the site’s certificate has a problem, don’t visit the site. It’s not worth the risk, as it could be a spoofed site or one compromised with malware. Be sure to check that the URL of a website starts with HTTPS rather than just HTTP (the ‘S’ stands for ‘secure’).
3. Make sure your computer is secure
Keep your operating system, applications, and antivirus patched and up to date. Make sure this applies to all your devices. Ensure malware protection is installed and up to date, and disable Autorun on all drives (Control Panel > Autorun, select “Take no action” for everything). A strong login password is also vital – 10-character minimum, mixed letters, numbers and symbols. Run regular virus scans, and make sure that all firewalls are up to date and have had their default passwords changed. On top of this, set up 2-step verification on all your key accounts, such as your main email account and all bank accounts.
4. Phone before making payment, confirming the amount AND the account details
Before making any bank transfer based on an emailed invoice, phone the supplier to check both the amount and the account details. To confirm account numbers over the phone, use the same technique banks use – confirm the 3rd, 4th, 6th and 8th digits rather than reading out the entire number. When phoning, do not use the phone number displayed in the email – the hacker could have changed that too; use the phone number from your own records or from the supplier’s company website instead.
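The following is an added example, not code from the original article, showing how the two defensive ideas above can be automated on the payer’s side: the malware described earlier changes only the account details while the amount stays the same, so an accounts team can catch it by comparing the bank details in every received invoice against a vetted supplier record held separately from email, and then confirming the digits in the 3rd, 4th, 6th and 8th positions by phone against that record rather than against the email. The supplier names, invoice text, sort code / account number format (a UK-style 6-digit sort code and 8-digit account number) and the regular expressions are all constructed assumptions for the demonstration; adapt the patterns to your own banking format.

```python
import re

# Constructed sample: vetted supplier bank details, kept out of band
# (for example in the accounting system), never taken from an email.
KNOWN_SUPPLIERS = {
    "Acme Stationery Ltd": {"sort_code": "12-34-56", "account": "12345678"},
}

# Constructed sample invoice text as it might arrive after tampering:
# same supplier, same amount, but a different account number.
SAMPLE_INVOICE = """\
Invoice 1042 from Acme Stationery Ltd
Amount due: GBP 4,250.00
Sort code: 12-34-56
Account number: 87654321
Queries: call 01234 000000
"""

# Assumed invoice layout; adjust these patterns for other formats.
SORT_CODE_RE = re.compile(r"sort code:\s*(\d{2}-\d{2}-\d{2})", re.I)
ACCOUNT_RE = re.compile(r"account number:\s*(\d{8})\b", re.I)


def extract_bank_details(text):
    """Return (sort_code, account) found in the invoice text, or None if either is missing."""
    sc = SORT_CODE_RE.search(text)
    ac = ACCOUNT_RE.search(text)
    if not sc or not ac:
        return None
    return sc.group(1), ac.group(1)


def check_invoice(supplier, text, known=KNOWN_SUPPLIERS):
    """Compare the bank details in a received invoice with the vetted record.

    Returns a list of discrepancies; an empty list means the details match
    and the payment can proceed through the normal approval process.
    """
    record = known.get(supplier)
    if record is None:
        return ["unknown supplier: no vetted record to compare against"]
    found = extract_bank_details(text)
    if found is None:
        return ["no bank details found in invoice text"]
    sort_code, account = found
    problems = []
    if sort_code != record["sort_code"]:
        problems.append(f"sort code changed: {record['sort_code']} -> {sort_code}")
    if account != record["account"]:
        problems.append(f"account number changed: {record['account']} -> {account}")
    return problems


def challenge_digits(account, positions=(3, 4, 6, 8)):
    """Digits to ask for over the phone (1-based positions, the article's 3rd/4th/6th/8th
    technique), so the full account number is never read out in either direction."""
    return {p: account[p - 1] for p in positions}


def verify_challenge(account, answers):
    """True if every digit the supplier read back matches the account number on file."""
    return all(account[p - 1] == d for p, d in answers.items())


if __name__ == "__main__":
    issues = check_invoice("Acme Stationery Ltd", SAMPLE_INVOICE)
    print("HOLD PAYMENT and phone the supplier:" if issues else "details match vetted record")
    for issue in issues:
        print("  -", issue)
    # The phone check is run against the vetted record, not the details in the email,
    # and the call goes to the number on file, not the one printed in the invoice.
    on_file = KNOWN_SUPPLIERS["Acme Stationery Ltd"]["account"]
    print("ask the supplier to confirm these digits:", challenge_digits(on_file))
```

Run as a script it flags the changed account number and holds the payment; in practice the same check sits in the accounts-payable workflow so that a mismatch blocks the transfer until the phone verification has been completed and recorded.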