Avoiding the Man in the Middle – Preventing a Common Cyberattack

Avoiding the Man in the Middle – Preventing a Common Cyberattack
Andrew Sanders
Posted: February 28, 2019

Imagine the following scenario:

One day, you get an email that appears to be from your bank. The email prompts you to perform some simple administrative task – checking your balance, let’s say, you click on the email, click the link in the email to log into your bank account, and check your funds. Nothing seems amiss.

You’ve just been hacked.

The email that was sent to you wasn’t from your bank. It looked like it was from your bank, used the letterhead and language they would use, and was from an email account that appeared to be bank-related. When you clicked on the link in the email, it took you to a website that looked exactly like your bank’s login form – but wasn’t. Instead, it was a dummy page controlled by an attacker that was designed to do nothing but harvest your username and password.

Once the dummy page did its work, it simply transmitted the credentials it harvested to the bank’s real login page, logged you in, and redirected you to your account. You didn’t notice this, and the attackers don’t begin stealing your funds or stealing your identity until you’ve logged out again. It’s a nearly perfect crime.

What you’ve just experienced is a man-in-the-middle attack.

What is a Man in the Middle Attack?

Generally speaking, a man in the middle attack (MITM) is any attack where attackers place a layer of deception or obfuscation between you and your activity on the internet. In terms of severity, MITM can include everything from simple eavesdropping to outright robbery. Although typically used in conjunction with email phishing attacks, they can take place even if someone doesn’t send you a fake link.

For example, instead of sending a fake link, your attacker could simply hijack your network. This means that they take a look at your home router. If It hasn’t been updated in a while (which is very likely, less than half of IT professionals have ever updated their router firmware), this means that there’s most likely a software vulnerability that they can take advantage of.

Using this vulnerability, hackers can literally control everything you see on the internet – without ever attacking your computer or sending a phishing email.

How to Detect MITM Attacks

Detecting a man in the middle attack on your own requires good eyesight and attention to detail. For example, if you mind out that the URL that you typed into your browser doesn’t match the URL you arrived at, it’s time to be very cautious. Similarly, if you click on a link in your email expecting it to take you to a given site, and the URL doesn’t match that site, it’s time to be on alert.

That said, good web design skills are easy to find these days. If an attacker builds a fake website to collect your details, that there’s a good chance it will look exactly like the website you’re expecting to see. There are better ways of protecting yourself.

Preventing the Next Breach

Any decent antivirus with VPN will be able to encrypt your web traffic so that attackers won’t be able to eavesdrop on it. This automatically shuts down many avenues that attackers use to successfully carry off any form of MITM that involves session hijacking.

Furthermore, a good antivirus suite will help you more than you might think. There are some forms of MITM attack that involve infecting your browser directly (aptly called a man in the browser attack), but a good AV platform will also screen your email and web browsing activity for phishing attempts, looking for emails sent from suspect addresses or legitimate-looking websites with forged security certificates.

These protections will help prevent you from falling for one of the most insidious forms of cyberattack out there – and one that home computer users are ill-prepared to defend against on their own.

If you want to learn more about how to defend yourself, check out our list of the 10 best antivirus platforms.

About the Author

Andrew Sanders
Andrew Sanders

Andrew is a writer on technology, information security, telecommunications, and more