
Cyber Safety Glossary

Man-in-the-Middle Attack


Also Known As:
Web Site Spoofing, Spoofed Web sites, Faked Web sites, Pharming

Description:
The phrase "Man-in-the-Middle Attack" is used to describe a computer attack during which the cyber criminal funnels communication between a consumer and a legitimate organization through a fake Web site. In these attacks, neither the consumer nor the organization is aware that the communication is being illegally monitored. The criminal is, in effect, in the middle of a transaction between the consumer and his or her bank, credit-card company, or retailer.

The man-in-the-middle server electronically “eavesdrops” on every keystroke, giving the criminal the consumer’s username, password, and account information. Criminals perpetrate this scam in a number of ways. They use Phishing and Pharming email messages to trick the consumer into clicking a link to the fake Web site. They employ Spyware and other Malware that, when loaded on the consumer’s computer, redirect the Web browser to the fake site. The most technically competent manipulate the real Web site so that visitors are directed to the fake site.

How to Recognize This Threat:
Be extremely wary of any official-sounding unsolicited email or text message that asks you to click on a link and log on to a Web site to clear up a major problem. Scare tactics are used to lure the unsuspecting into the Man-in-the-Middle trap.

What Should I Do:
Never click on a link or open an attachment in an unsolicited email or text message. Delete the email or message. If you are concerned, call the organization or open your Web browser and type in the address. If the site has changed since your last visit, be cautious. Maintain up-to-date anti-virus and anti-Spyware programs on your computer and install a firewall. These precautions will reduce the likelihood that a virus will redirect you to a criminal’s Web site. Also, look for the lock or key icon at the bottom of the browser when entering a site that purports to be secure.