What Is Man-in-the-Middle Fraud?

The term "man-in-the-middle fraud" refers to a cyberattack where a hacker obtains sensitive information transmitted between two other parties online. The "man in the middle" is normally an unauthorized third party who intercepts a conversation or transaction between two other parties.

This type of fraud is easily accomplished using unsecured public WiFi networks or poorly protected home networks. It can also be carried out by installing malware on the target’s computer.

Key Takeaways

  • Man-in-the-middle fraud is a type of cybercrime.
  • It involves stealing user information while it is being transmitted through or from a trusted service, such as a bank or social network.
  • Some of the common methods used to carry out such attacks include impersonating legitimate websites and planting malware on victims’ devices.
  • Hackers also routinely intercept the web traffic sent through unsecured public WiFi networks.

How Man-in-the-Middle Fraud Works

A cyberattack is a criminal assault launched online by an individual or a group in an attempt to steal data or to control computers and networks. Perpetrators commonly use any number of tools, including malware and ransomware, to launch these attacks, which range from denial-of-service and phishing attacks to man-in-the-middle fraud, which is also called a man-in-the-middle attack.

As mentioned above, this kind of cybercrime involves the participation of three or more parties. Two or more of these parties are normally linked together through a conversation or a transaction that may already be in progress. The criminal hacker intercepts the interaction in an attempt to steal data such as someone's personal financial information. They are normally able to do this without exposing themselves to their victims.

For instance, a hacker may successfully intercept an individual's personal information—full name, date of birth, and credit card number—by eavesdropping on traffic flowing through a coffee shop's public WiFi network. This leaves the individual vulnerable to identity theft. Some hackers even create fake WiFi networks designed to imitate legitimate ones. When someone logs in, their activity is monitored and recorded by the hackers.

Another common method is to set up fake websites designed to resemble popular ones—notably social networks and online retailers. If the customer doesn't notice the difference, they may log in to the fake site, thereby revealing their username and password to the hackers. The hackers can then use that information to access the user’s real account on the legitimate site, which they may then use to steal from the user or demand that they pay a ransom.

Man-in-the-middle hackers may also intercept emails between two parties, creating spoofed emails that cause individuals to provide sensitive data to the man in the middle.

There are several steps individuals and companies can take to protect themselves against man-in-the-middle fraud. For instance, people can use encrypted data transmission protocols whenever possible, such as enabling the HTTPS option when it is available on messaging applications and websites. This type of secured protocol is often enabled by default on banking and ecommerce websites, although it is becoming increasingly common on other sites as well.
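The following is an added example, not code from the original article, showing what "use encrypted transmission whenever it is available" looks like on the client side. It rewrites plain http:// links to https:// for hosts that are known to support it (the host list here is constructed for illustration and stands in for an HSTS preload list or a user's own always-HTTPS setting), builds a TLS context that verifies the server certificate and hostname, and audits a context for the settings that would let an interceptor's certificate be accepted. The function names are this example's own.

```python
"""Client-side HTTPS policy: upgrade plain-text URLs and verify TLS settings.

Added example for this article; hosts and function names are assumptions.
"""
import ssl
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: hosts this client knows serve HTTPS. In practice this
# would come from an HSTS preload list or a remembered user preference.
HTTPS_CAPABLE_HOSTS = {"bank.example", "shop.example", "social.example"}


def upgrade_to_https(url: str) -> str:
    """Rewrite http:// to https:// for hosts known to support it.

    A plain-text request would hand cookies and form fields to anyone on the
    path (for example on an open WiFi network); the upgraded request is
    encrypted and the server's certificate is checked by the context below.
    URLs with an explicit non-standard port are left alone, since the HTTPS
    service may not live on that port.
    """
    parts = urlsplit(url)
    if parts.scheme != "http" or parts.hostname not in HTTPS_CAPABLE_HOSTS:
        return url
    if parts.port not in (None, 80):
        return url
    return urlunsplit(("https", parts.hostname, parts.path, parts.query, parts.fragment))


def make_verifying_context() -> ssl.SSLContext:
    """TLS context that rejects unverifiable certificates and hostname mismatches."""
    ctx = ssl.create_default_context()      # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_weak_context() -> ssl.SSLContext:
    """The kind of context a 'just make the error go away' patch produces.

    With these settings any certificate, including one minted by an
    interceptor, is accepted. Built here only so the audit below has
    something to flag.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False              # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_weaknesses(ctx: ssl.SSLContext) -> list:
    """Return human-readable findings for settings that defeat MITM protection."""
    problems = []
    if ctx.verify_mode == ssl.CERT_NONE:
        problems.append("certificate verification disabled (verify_mode=CERT_NONE)")
    if not ctx.check_hostname:
        problems.append("hostname check disabled (check_hostname=False)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("legacy TLS versions allowed (minimum_version below TLS 1.2)")
    return problems


if __name__ == "__main__":
    for link in ("http://bank.example/login?next=/home", "http://news.example/"):
        print(link, "->", upgrade_to_https(link))
    print("verifying context:", context_weaknesses(make_verifying_context()) or "no findings")
    print("weak context:", context_weaknesses(build_weak_context()))
```

In a real client the context from make_verifying_context() is what gets passed to the socket or HTTP library; context_weaknesses() is the check to run in a code review or a unit test so that a disabled verification flag does not ship quietly.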

Another method for preventing man-in-the-middle fraud is to avoid connecting to unsecured WiFi networks. If no alternative is available, you can reduce your risk by avoiding accessing sensitive websites and making online purchases while on networks that aren't secure.

You can also reduce your risk of man-in-the-middle attacks by changing your password regularly, and by using antivirus and anti-malware software on your devices.

Real-World Example of Man-in-the-Middle Fraud

Aside from the routine and low-level man-in-the-middle attacks—which unfortunately are an almost everyday occurrence—hackers occasionally use this type of fraud to go after much larger targets. At times, these attacks can affect millions of users at once, by compromising large corporate or government networks that store vast amounts of user information.

One example occurred in 2017 when Equifax (EFX)—one of the three major credit reporting agencies—temporarily recalled all of its mobile phone applications over concerns that the apps had critical security vulnerabilities. These vulnerabilities allegedly left the apps exposed to a potential man-in-the-middle attack by hackers. Since the applications received and had access to confidential personal and financial information of millions of users, this vulnerability could have had disastrous consequences had it been exploited by hackers.